Drop that book and back away slowly… Electronic Privacy Information Center Freedom 2.0 Distributed Democracy Dialogue for a Connected World May 22, 2004 Washington Club Washington, D.C.
Download ReportTranscript Drop that book and back away slowly… Electronic Privacy Information Center Freedom 2.0 Distributed Democracy Dialogue for a Connected World May 22, 2004 Washington Club Washington, D.C.
Drop that book and back away slowly… Electronic Privacy Information Center Freedom 2.0 Distributed Democracy Dialogue for a Connected World May 22, 2004 Washington Club Washington, D.C. Privacy, Libraries, and the Law Infopeople Webcast Thursday October 21, 2004 12:00 noon to 1:00 p.m. Mary Minow, J.D., A.M.L.S. LibraryLaw.com [email protected] Housekeeping • New interface! HorizonLive is now Don’t wait HorizonWimba for Q&A to • Today’s webcast: submit – presentation: 50 minutes – Q&A: final 10 minutes questions • Submit your questions via ‘Chat’ during webcast so presenter gets them in time • Fill out evaluation during Q&A Webcast Archives: http://infopeople.org/training/webcasts/archived.html When to Use Chat • Get help with technical difficulties • send message to “HorizonHelp” • Ask presenter questions • send message to “ALL” • Chat with other participants • “select name from dropdown list” Chat Area There List of Participants There Legal Disclaimer • Legal information • Not legal advice! Privacy Agenda 1. Professional ethics 2. Legal Framework because ethics aren’t enough 3. Library Policies can strengthen user privacy 4. Emerging issues RFID, Biometrics ethics law National Attention on Library Privacy We worship an awesome God in the Blue States, and we don’t like federal agents poking around in our libraries in the Red States. Barak Obama at Democratic National Convention 2004 Still, We Need to Communicate Professional Ethics to Others “County doesn’t understand library’s ethical concerns. They just want to turn over the records.” – library attorney Staff – when hiring Volunteers Communicating Concerns Not Enough Tell History Library Awareness Program Librarian Code of Ethics "It is the librarian's obligation to treat as confidential any private information obtained through contact with library patrons.“ 1939 Why Privacy Matters • “You’re only as sick as your secrets” • Yet research disease, depression, abuse • Behave differently when we are watched Professional Ethics: Anonymity “When you speak with a librarian, it is similar to speaking with a holy person. …Wild partners could not drag this type of confidence from a librarian.” Eric Kaufman, “Firm Librarians: How They Enrich Your Experience,” New York Law Journal (June 5, 2000). Anonymity vs. Confidentiality Anonymity No records created No personal information required to use library services Confidentiality Records created Library will not disclose … except under specified circumstances Honor System experiment …is WORKING depression, drug abuse, sex, contraception Pam Davis, “The honor system: a library encourages kids to take books without checking them out,” School Library Journal, (March 2004). Law Outweighs Professional Ethics ethics LAW LEGAL FRAMEWORK Federal, State, Local Laws Federal, State, Local Laws Records v. Observations Records v. Observations Type of Record Request Type of Record Request Librarian Suspicion Librarian Suspicion Federal, State, Local Laws Constitution Federal Law State Laws Local laws Library Policies U.S. Constitution Fourth Amendment quite weak allows third parties to reveal user information …even if user believed the information was confidential United States v. Miller, 425 U.S. 435, 443 (1979) U.S. Constitution First Amendment and the Right to Read Unconventional ideas might disturb the complacent … but essential if vigorous enlightenment is to triumph over slothful ignorance necessarily protects the right to receive information Martin v. Struthers, 319 U.S. 141, 143 (1943). See also Susan Nevelow Mart, “The Right to Receive Information,” http://www.aallnet.org/products/2003-11.pdf U.S. Constitution First Amendment and Anonymity Once the government can demand of a publisher the names of the purchasers … the spectre of a government agent will look over the shoulder of everyone who reads. United States v. Rumely, 345 U.S. 41, 57-58 (1953) (Douglas, J., concurring) See also Julie Cohen, A Right to Read Anonymously http://www.law.georgetown.edu/faculty/jec/read_anonymously.pdf 48 State Laws Protect Library Records Hawaii and Kentucky have Atty Gen. opinions www.ala.org/alaorg/oif/stateprivacylaws.html Local Laws, Library Policies • Local - Possible record retention laws • Library policies – May offer greater protection than state law Local Government Records Management Guidelines (2004) www.ss.ca.gov/archives/locgov/localgovrm6.pdf www.ss.ca.gov/archives/locgov/localgovrm6.pdf Records vs. Observations Records Documents, writing, recording on any media Observations • “plain view” – (what’s visible on screen) • patron behavior • physical descriptions Observations: Dead Body in Library Parking Lot Memphis Public Library Green Plymouth Fury “massive amount of flies” Police found dead body Tennessee v. Rickman, 2002 Tenn. Crim. App. LEXIS 449 (May 17, 2002) Observations: Tylenol Murders Librarian tipped off FBI Observations: Library Security Videotapes Children reported man in bookshelves exposing himself Library security tapes showed man leaning forward in bookshelves Convicted - criminal sexual conduct Minnesota v. Sihler, 2002 Minn. App. LEXIS 376 Don’t Need Court Order for Observations UCLA Library –manipulating NEI Webworld stock FBI tracked extortion messages –quiet stakeouts Crofton (MD), Falls Church (VA) libraries FBI used “BACK Button” to find embassy addresses SEC v. Aziz Golshani; Tarpon Springs FL, U.S. v. Regan Records vs. Observations Protected by Documents, writing, State Law recording on any media Records Observations • “plain view” – (what’s visible on screen) • patron behavior • physical descriptions Records vs. Observations Protected by Documents, writing, State Law recording on any media Records Observations • “plain view” – (what’sNot visibleProtected on screen) • patron behavior State Law • physical descriptions by Types of Record Requests Federal Federal libraries – subject to Privacy Act Schools with federal funds – subject to FERPA confidential “student records” Federal Library and Information Center Committee (FLICC) and Family Educational Rights and Privacy Act (FERPA) 20 U.S.C. § 1232g; 34 CFR Part 99 Videos Protected by Federal Law Video Privacy Protection Act, 18 U.S.C. § 2710 et seq. State Libraries in California Information Practices Act governs state collection of personal info California Civil Code Sect. 1798 et seq. Plus required to set privacy policies per California Govt Code Sect. 11019.9 All Libraries in California: May not display Social Security Numbers nor embed them on a barcode, chip, etc. www.privacy.ca.gov/recommendations/ssnrecommendations.pdf Calif. Civil Code Sects. 1798.85-1798.86, 1785.11.1, 1785.11.6 and 1786.60 Local Libraries California Public Records Law requires disclosure of "Public records" - any writing relating to the conduct of the public's business used by any state or local agency regardless of physical form California Govt Code Sect. 6252(d) Incident Reports are Public Records Expunge names “Balancing Test” Exception When public interest in confidentiality clearly outweighs the public interest in disclosure Cal. Govt. Code Sect. 6255(a) Not Protected by Public Records law: Library Registration and Circulation Records Registration records any information which a library requires a patron to provide in order to become eligible to borrow books and other materials Must disclose statistical reports of registration and circulation and fine records Circulation records information which identifies the patrons borrowing particular books and other material. California Govt Code Sect. 6267 Unclear Status: Reference Records, Online Searches etc. Virtual Reference chats Need to broaden legal definitions Exceptions ACC Administration of the library Consent – Written Order of superior Court California Govt Code Sect. 6267 Court Orders • Search warrants are court orders – Try for delay to get lawyer – Immediately executable • Subpoenas are not court orders (unless signed by a judge) – Gives time to see a lawyer – e.g. five days Come back Nov 4 webcast responding to search warrants What about Parents? • 8 states amended laws to give parents access in past three years (Alabama, Florida, Louisiana, Massachusetts, Ohio, South Dakota, West Virginia, Wisconsin) • Failed attempts: Alaska, New Hampshire • California law: No parental exception Parents – Technology Solution User types in PIN to see record Teenager has PIN Parent has PIN Librarian Suspicion May release electronic communications if Reasonable belief emergency involving immediate death or serious physical injury Sect. 212 Patriot Act, amending ECPA Sect. 2702 Librarian Initiated 9-11 Facts: Sept 15, 2001 Kathleen Hensman, reference librarian, Delray Beach recognized name of patron Talked to library director Called local police; forwarded to FBI Delray Beach FL Library’s Legal Opinion: Observation Legal opinion by library’s lawyers: • Recollection not records • Records released only after “properly drawn” order Bottom Line • Never respond to informal request for user records • Local libraries – user records private unless court order • Search warrant – on the spot • Subpoena – date to respond POLICIES American Library Association Model Library Privacy Policy • Notice & Openness • Choice & Consent • Access by Users • Data Integrity & Security • Enforcement & Redress tinyurl.com/32xhc Notice & Openness Post personal informationgathering policies where stored, how long, who has access, how used e.g. User Registration Circulation Internet Sign-ups Disclosure to Patrons Santa Cruz Choice and Consent OPT-IN *Registration Form* Permission to share with Friends Offer Anonymity On-site database use Internet use Virtual reference Anonymous Internet Use at SOME LIBRARIES Anonymous when •No sign-ups •Paper sign-ups “Mickey Mouse” •Automated sign-ups “guest cards” Anonymous Internet Use at SOME LIBRARIES Anonymous when •No sign-ups •Paper sign-ups “Mickey Mouse” •Automated sign-ups “guest cards” Librarians can still be called to testify Surveillance Cameras Virtual Reference Many more records Or GREATER anonymity? Paul Neuhaus – Chart on Virtual Reference Software Privacy Features :> www.library.cmu.edu/People/neuhaus/software.html Access by Users • Personally identifiable information • Addresses, circulation records, fines, blocks… User has PIN Data Integrity & Security • Integrity – use only reputable sources – destroy old data or strip PII – Shared Data (Consortia, Collection Agencies): • Arrangements include confidentiality policies • ensure timely corrections, deletions • Security – Block unauthorized access – Avoid social security PIN's Destroy Records When No Longer Needed PUT RECORD RETENTION POLICY IN WRITING Remote Databases Need Authentication Privacy Guidelines for VENDORS International Coalition of Library Consortia 2002 (ICOLC) PUBLISHER will not disclose information about any user … without permission of user, except as required by law. www.library.yale.edu/consortia/2002privacyguidelines.html Solution: Shibboleth? • Authenticate • Let pass through without attaching PII Enforcement & Redress • Regular privacy audits • Procedure for complaints • Training Further Resources on Privacy Policies For Librarians and Libraries | American Library Basics | Developing a Confidentiality Policy | State Statutes on Library Confidentiality | Privacy Resources for Librarians, Library Patrons, and Families | ALA Policies and Guidelines | Access to Electronic Information, Services, and Networks | Questions and Answers: Access to Electronic Information, Services, and Networks | Code of Ethics | Freedom to Read Statement | Freedom to View Statement | Library Bill of Rights | Policy concerning Confidentiality of Personally Identifiable Information about Library Users | Policy on Confidentiality of Library Records | Suggested Procedures for Implementing Policy on Confidentiality of Library Records | Privacy: An Interpretation of the Library Bill of Rights Privacy: An Interpretation of the Library Bill of Rights Questions and Answers on Privacy and Confidentiality Privacy Tool Kit Privacy Tool Kit www.ala.org/privacy - then click “privacy resources” EMERGING Technology Self Check, RFID, Biometrics, Keyloggers Privacy enhancing IF Patron information is not seen by all RIFD – Follow that Koran? Tiny tags report data by radio Less staff Privacy concerns galecia.com/included/docs/rfid_position_paper_rev2.pdf Beware of Key Loggers Thieves go to public terminals to scour for user info in cache Automatic log out Now: watch out for keyloggers that capture every key stroke http://www.amecisco.com/keylogger.after.jpg Biometrics: Fingerprints Micro Librarian Systems IdentiKit in U.K. Retinal scans at Venerable Bede Church of England Aided School www.buffalolib.org/events/touchngo.asp http://www.smartid.gov.hk/en/library/index.html www.ala.org/ala/washoff/WOissues/civilliberties/privacy/privacyrelated.htm Further Resources American Library Association Privacy and Confidentiality http://tinyurl.com/3oun4 Office for Intellectual Freedom. Call if FBI visits. Just say “I need to speak with an attorney” 1-800-545-2433 ext. 4223 Library Privacy Audits and Search Warrants: Preparing for Inquiries into User Records Infopeople Webcast Thursday November 4, 2004 12 noon – 1 p.m. Karen Coyle and Mary Minow