Local Library uses RFID to Manage Materials, but Privacy Concerns Abound
Posted on Sunday, July 20th, 2008 at 2:46 pm
Continuing the theme of privacy issues related to my new home library system (and I still haven’t received any reply from the Shorewood Public Library regarding their collection of patron social security numbers), the Milwaukee Journal Sentinel reports that the West Allis Public Library is using RFID chips to help manage their collection. By including bibliographic data in the microchip, the library can automate circulation functions: books can simply be passed by an RFID reader to scan the bibliographic data, rather than needing to be physically opened for a bar code to be scanned by a laser.
The article also notes that librarians can “[locate] misshelved items” using the RFID technology. Presumably, the library has some kind of hand-held scanner that librarians can pass over shelves to determine if a book is in the wrong place.
Herein lies a key privacy concern.
Public libraries have traditionally been sites for individuals to enjoy intellectual freedom. Librarians have a longstanding commitment to patron privacy, have resisted past efforts by the government to surveil patron activities, and are among the most vocal critics of the USA PATRIOT Act. In fact, many Wisconsin libraries started to destroy patron borrowing records upon learning that the government might be able to gain access to such records without a warrant under the Patriot Act.
The library, then, has traditionally been a place where a person could enter, take a book off a shelf, sit and read it, take notes, put the book back, and leave the library. All the while, there was no systematic monitoring, tracking, or recording of the patron’s activities, what she took off the shelf, what she read, etc.
But the rise of bibliographic-encoded RFID chips, combined with hand-held scanners, complicates this. It becomes increasingly possible for someone armed with a scanner (whether a librarian, or a well-equipped law enforcement agent) to stroll by a patron’s table and passively scan all the books stacked up around her.
You can imagine the scenarios:
- Patron looks suspicious, stack of books on his table, feverishly taking notes. Paranoid librarian walks by and scans all the titles of the books, checking to see if any relate to terrorism, bomb-making, anti-Americanism, etc.
- Sensors placed on shelves with books about terrorism, nuclear reactors, and bomb-making to notify a central authority when any title is removed. Sensors throughout the building track the movement of the books. Photocopy machines deactivate when they sense these titles nearby, etc.
- Law enforcement is provided the data-format for local library RFID tags. Use own scanners to “read” the titles of books as individuals walk through airports, public parks, subway system. Flag people with particular titles as “of interest” for further scrutiny.
Such scenarios are all the more possible with bibliographic-encoded RFIDs. The article doesn’t mention any privacy concerns, and I need to investigate whether the West Allis Public Library has addressed these issues. Key questions include:
- Precisely what bibliographic data is encoded on a book’s RFID chip.
- Is the RFID chip active or passive?
- What is the power of the RFID’s transmitter?
- Does the chip use any form of encryption? If so, who has access/authority to decrypt the data?
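The first of these questions decides how much a scanner can learn, and the following sketch (an added example, not code from the library or its vendor) compares a tag that carries bibliographic data with a tag that carries only an item ID resolved against the library's own catalogue. The JSON tag layout, the field names and the sample record are assumptions constructed for illustration; the article does not describe the format West Allis actually uses.

```python
import json
import secrets

# Held only by the library system: item ID -> bibliographic record.
CATALOGUE = {}


def encode_bibliographic_tag(record):
    """Scheme A: the tag itself carries the bibliographic data in cleartext."""
    return json.dumps(record, sort_keys=True).encode("utf-8")


def encode_opaque_tag(record):
    """Scheme B: the tag carries a random item ID; the record stays in the catalogue."""
    item_id = secrets.token_hex(8)
    CATALOGUE[item_id] = record
    return item_id.encode("ascii")


def read_without_catalogue(tag_bytes):
    """What a reader that knows the data format learns with no database access."""
    try:
        payload = json.loads(tag_bytes.decode("utf-8"))
    except ValueError:  # not JSON, so nothing bibliographic to parse
        payload = None
    if isinstance(payload, dict):
        return {"discloses_title": "title" in payload, "fields": sorted(payload)}
    return {"discloses_title": False, "fields": []}


def read_with_catalogue(tag_bytes):
    """The library's own reader resolves an opaque ID against its catalogue."""
    return CATALOGUE.get(tag_bytes.decode("ascii"))


def same_item_seen_twice(reads):
    """A static ID still lets separate reads of one tag be linked to each other."""
    return len(set(reads)) < len(reads)


if __name__ == "__main__":
    # Constructed record, not taken from any real catalogue.
    record = {"title": "Constructed Title", "author": "A. Example"}
    tag_a = encode_bibliographic_tag(record)
    tag_b = encode_opaque_tag(record)
    print("scheme A, no catalogue:", read_without_catalogue(tag_a))
    print("scheme B, no catalogue:", read_without_catalogue(tag_b))
    print("scheme B, library side:", read_with_catalogue(tag_b))
    print("scheme B still linkable:", same_item_seen_twice([tag_b, tag_b]))
```

Keeping the record off the tag removes the title from what a stray scan reveals, but the last function shows the remaining exposure: an ID that never changes still identifies the same physical book each time it is read.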
Visibility of Google’s Privacy Policy Depends on Where you Live
Posted on Friday, July 11th, 2008 at 9:11 pm
Following up on Google’s recent decision (over the 4th of July holiday weekend) to sneak a link to its privacy policy onto its homepage and SERPs, Ted Byfield did a quick analysis of the relative visibility of the privacy policy on Google’s various country-specific homepages:
…a quick survey of “European” Google sites (adapted from some random list of country-code TLDs) turns up interesting data:
The following national/language pages don’t have privacy links: Shqip [Albanian], Bosnia and Hercegovina, Bulgaria, Belarus, Switzerland, Croatia, Iceland, Moldova, Malta, Norway, Slovenia, Slovakia, and Ukraine.
The following national/language pages do have privacy links: Andorra, Austria, Belgium, the Czech Republic, Denmark, Estonia, Germany, Finland, France, Georgia, Greece, Gibraltar, Greece, Hungary, Ireland, the Isle of Man, Italy, Jersey, Liechtenstein, Lithuania, Luxemburg, Latvia, Netherlands, Poland, Portugal, Romania, Russia, Serbia, Spain, Sweden, San Marino, Turkey, and the UK.
So the 80,058 residents of the Isle of Man enjoy easy access to Google’s privacy policies, while 46,372,700 Ukrainians are left in the dark about what personal information Google collects and what they do with it. Seems if you’re not a part of the EU, Google just doesn’t see fit to provide that 7-letter link to help you understand the privacy implications of using its services.
Byfield’s analysis:
The placement of a privacy link may seem trivial—in fact, in itself, I think it is trivial (though no more so than an overweening emphasis on front-page aesthetics). But peculiarities about how even trivia like this is implemented can reveal a lot about corporate attitudes and behavior. In this case, Google’s convenient exceptionalism shows how it defers to the varied and minimal standards of national laws rather than defining a rigorous, affirmative standard and applying it transnationally. In doing so, it’s acknowledging that the governments of the states in which it operates will decide whether and when it will “be evil.”
A Code of Best Practices in Fair Use for Online Video
Posted on Monday, July 7th, 2008 at 10:00 pm
A group of legal, cultural, and social scholars have published a “Code of Best Practices in Fair Use for Online Video”, providing an important framework to help address the growing challenge of allowing fair use of online content in the face of more-and-more-powerful DRM and intellectual property right regimes, which inevitably over-protect content and often restrict valid fair uses.
Here is the introduction:
WHAT THIS IS
This document is a code of best practices that helps creators, online providers, copyright holders, and others interested in the making of online video interpret the copyright doctrine of fair use. Fair use is the right to use copyrighted material without permission or payment under some circumstances.
This is a guide to current acceptable practices, drawing on the actual activities of creators, as discussed among other places in the study Recut, Reframe, Recycle: Quoting Copyrighted Material in User-Generated Video and backed by the judgment of a national panel of experts. It also draws, by way of analogy, upon the professional judgment and experience of documentary filmmakers, whose own code of best practices has been recognized throughout the film and television businesses.
WHAT THIS ISN’T
This code of best practices does not tell you the limits of fair use rights.
It’s not a guide to using material people give permission to use, such as works using Creative Commons licenses. Anyone can use those works the way the owners say that you can.
It’s not a guide to material that is already free to use without considering copyright. For instance, all federal government works are in the public domain, as are many older works. In most cases, trademarks are not an issue. For more information on “free use,” consult the document “Yes, You Can!” and copyright.cornell.edu.
It’s not a guide to using material that someone wants to license but cannot trace back to an owner—the so-called “orphan works” problem. However, orphan works are also eligible for fair use consideration, according to the principles detailed below.
The Code provides best practices in six key areas:
- Commenting On Or Critiquing Of Copyrighted Material
- Using Copyrighted Material For Illustration Or Example
- Capturing Copyrighted Material Incidentally Or Accidentally
- Reproducing, Reposting, Or Quoting In Order To Memorialize, Preserve, Or Rescue An Experience, An Event, Or A Cultural Phenomenon
- Copying, Reposting, And Recirculating A Work Or Part Of A Work For Purposes Of Launching A Discussion
- Quoting In Order To Recombine Elements To Make A New Work That Depends For Its Meaning On (Often Unlikely) Relationships Between The Elements
[via danah boyd]
Google (Quietly/Oddly) Adds Privacy Link to Homepage
Posted on Friday, July 4th, 2008 at 9:32 pm
After coming under attack for refusing to add a simple hyperlink to help users find their privacy policy, Google has added the word “privacy”, with a link to its privacy policy, to its home page (image via Google):

Google, for whatever reason, isn’t directly acknowledging that there was public pressure to take this simple step. The announcement on Google’s public policy blog frames it in a self-congratulatory manner, noting how it’s putting “users’ privacy first and foremost” and strengthening user trust, etc, etc. And their main blog relates some odd story by
I’m thrilled Google has found the wisdom to add these 7 letters and a bit of HTML code to link to its privacy policy. I just wish they could be a bit more forthright in why it is important and why they’ve suddenly decided to make the change.
Court Orders Google to Give All YouTube User Histories to Viacom
Posted on Thursday, July 3rd, 2008 at 12:39 pm
Video privacy be damned.
Louis L. Stanton, a senior judge on the United States District Court for the Southern District of New York, issued an order (PDF) Wednesday requiring Google to turn over every record of every video watched by YouTube users, including users’ login and IP addresses, to Viacom, which is suing Google for allowing clips of its copyrighted videos to appear on YouTube.
The EFF has an excellent summary and reaction, noting that the order likely violates the protections of the federal Video Privacy Protection Act (VPPA):
The court’s order grants Viacom’s request and erroneously ignores the protections of the federal Video Privacy Protection Act (VPPA), and threatens to expose deeply private information about what videos are watched by YouTube users. The VPPA passed after a newspaper disclosed Supreme Court nominee Robert Bork’s video rental records. As Congress recognized, your selection of videos to watch is deeply personal and deserves the strongest protection.
…
Google correctly argued that “the data should not be disclosed because of the users’ privacy concerns,” citing the VPPA, 18 U.S.C. § 2710. However, the Court dismissed this argument with no analysis, stating “defendants cite no authority barring them from disclosing such information in civil discovery proceedings, and their privacy concerns are speculative.”
In a footnote, the Court references the VPPA, noting that the federal law “prohibits video tape service providers from disclosing information on the specific video materials subscribers request or obtain.” It is possible that the reference to “video tapes” in the VPPA was confusing. However, the Act is not limited to the technology available at the time of its enactment.
To the contrary, the act refers to “prerecorded video cassette tapes or similar audio visual materials.” A YouTube video may not be a videotape, but certainly qualifies as audio visual material. Thus, YouTube is a “video tape service provider” under the act, because it is “engaged in the business [of] delivery of … audio visual materials.” The VPPA protects “personally identifiable information,” which is defined to include “information which identifies a person as having requested or obtained specific video materials or services.” This is exactly what is in the Logging database.
…
The Court also stated that Google did “not refute that the ‘login ID is an anonymous pseudonym that users create for themselves when they sign up with YouTube’ which without more ‘cannot identify specific individuals.’”
As an initial matter, this is factually insufficient. If any single one of the YouTube users in the Logging database picked a Login ID that does identify that user (i.e. if my YouTube login was kurtopsahl), then the Logging database’s information about viewing habits is protected by the VPPA, even if others pick anonymous pseudonyms.
Furthermore, even Google’s IP address statement only asserts that “in most cases” the IP address is not identifiable, certainly not in all cases. Putting aside whether a Google Public Policy blog’s statement on an unrelated topic can waive the privacy rights of YouTube users, the statement means that at least some YouTube users are identifiable, and must be protected by the VPPA.
In any event, the court ordered production of not just IP addresses, but also all the associated information in the Logging database. Whatever might be said about ‘an IP address without additional information,’ the AOL search history leak fiasco shows that the material viewed by a user alone can be sufficient to identify the user, even with neither a login nor an IP address.
The Court’s erroneous ruling is a set-back to privacy rights, and will allow Viacom to see what you are watching on YouTube. We urge Viacom to back off this overbroad request and Google to take all steps necessary to challenge this order and protect the rights of its users.
More coverage at TechCrunch, Threat Level, and CNet.
UPDATE: Unfortunately I’ve been too busy with other things to stay on top of this case. Fortunately, Fred Stutzman is following it.
My Local Library Requires Patrons’ SSNs
Posted on Wednesday, July 2nd, 2008 at 4:12 pm
Blogging has been extremely light as I’m in the process of relocating to Milwaukee. To that end, I recently visited my local community’s public library to sign up for a card, and was shocked to see that they required me to divulge my social security number in order to obtain a library account. I’ve sent the following letter to the library director as well as the library board.
(Please let me know if your public library also requires an SSN to get a card).
July 2, 2008
Elizabeth Carey
Director of Library Services
Shorewood Public Library
Shorewood, Wisconsin
Dear Ms. Carey:
I am a new resident of the village of Shorewood and recently visited the Shorewood Public Library. While I was very impressed with the facilities provided to the residents of our community, I was taken aback when, upon signing up for a library card, I was required to divulge my social security number.
I am a scholar who studies ethics and technology, and much of my research has focused on how new information systems impact personal privacy. For example, my doctoral dissertation, “The Quest for the Perfect Search Engine: Values, Technical Design, and the Flow of Personal Information in Spheres of Mobility,” investigated how Google’s drive to create the “perfect search engine” empowers the widespread capture of personal information flows across the Internet, threatening the ability to engage in online social, cultural, and intellectual activities free from answerability and oversight, thereby bearing on the values of privacy, autonomy, and liberty. One of the key components in this thesis is that the rise of Web search providers has supplanted the public library as a primary source of information, yet search engines do not have the same historical commitment to protecting intellectual privacy that libraries have shown over the past 100 years.
Certainly, the Shorewood Public Library is committed to patron privacy. Your spring 2008 newsletter highlights how the library complies with the relevant Wisconsin statutes concerning the confidentiality of patron records. Yet, requiring the divulgence of a social security number to obtain a library card presents a significant privacy and identity theft risk for each patron who uses your services. [1]
The American Library Association provides a clear view of the threats involved with using social security numbers:
“The widespread use of SSNs by public and private agencies had created a dual threat of fraud victimization and the invasion of privacy, by linking significant amounts of personal and financial information through a single number.” [2]
When I asked the librarian why my social security number was necessary, she replied that it helps with internal tracking. I find this reason unsatisfactory, as my driver’s license number (also required) should be sufficiently unique to enable tracking of my account. Further, since each patron is assigned a unique library account number, the need for a SSN in order to facilitate internal tracking is redundant and exposes patrons to unnecessary risks.
Perhaps the Shorewood Public Library is recording patrons’ social security numbers to assist in tracing patrons who have outstanding fines or overdue materials. Again, I question the need for a social security number to perform this function. Neither the Milwaukee Public Library, nor the New York Public Library (my previous library system) require patrons to reveal their social security number, and presumably these larger, urban library systems face greater occurrences of outstanding fines, overdue items, or theft. Even the ALA notes that: “Libraries have long used SSNs to trace patrons who have outstanding fines or overdue materials, often through collection agencies. In fact, the current state of internet technology often allows an individual to be located without the use of an SSN.” [2]
What kind of policy should the Shorewood Public Library have regarding the collection and use of patrons’ social security numbers? We can again turn to the ALA for guidance, who states that libraries that choose to use SSNs in patron databases or to identify users should:
* inform patrons whether providing their SSNs is mandatory or voluntary, and under what statutory authority the SSNs are solicited;
* inform patrons of the purpose for which SSNs will be used;
* use encryption to protect SSNs within patron databases, and;
* investigate other methods of uniquely identifying patrons and tracing those who have outstanding fines or overdue materials. [2]
From my experience, it does not appear that the first two items were met, and I do not have the information to determine whether items 3 and 4 are being followed at Shorewood Public Library.
Let me be clear that this is not simply a lengthy complaint; I would like to offer my help and expertise. This fall, I am joining the faculty at the School of Information Studies at the University of Wisconsin-Milwaukee, and I would be happy to make myself (and my students) available to help the Shorewood Public Library address these issues and enact privacy-protecting policies regarding the collection and use of patron social security numbers.
Sincerely,
Michael Zimmer
Cc: Shorewood Public Library Board
[1] For more on the privacy concerns with the widespread use of social security numbers, see http://epic.org/privacy/ssn/.
[2] http://www.ala.org/ala/oif/statementspols/statementsif/interpretations/questionsanswers.cfm



