Local Library uses RFID to Manage Materials, but Privacy Concerns Abound
Continuing the theme of privacy issues related to my new home library system (and I still haven’t received any reply from the Shorewood Public Library regarding their collection of patron social security numbers), the Milwaukee Journal Sentinel reports that the West Allis Public Library is using RFID chips to help manage their collection. By including bibliographic data in the microchip, the library can automate circulation functions: books can simply be passed by an RFID reader to scan the bibliographic data, rather than needing to be physically opened for a bar code to be scanned by a laser.
The article also notes that librarians can “[locate] misshelved items” using the RFID technology. Presumably, the library has some kind of hand-held scanner that librarians can pass over shelves to determine if a book is in the wrong place.
Herein lies a key privacy concern.
Public libraries have traditionally been sites for individuals to enjoy intellectual freedom. Librarians have a longstanding committment to patron privacy, have resisted past efforts by the government to surveill patron activities, and are among the most vocal critics of the USA PATRIOT Act. In fact, many Wisconsin libraries started to destroy patron borrowing records upon learning that the government might be able to gain access to such records without a warrant under the Patriot Act.
The library, then, has traditionally been a place for a person could enter, take a book off a shelf, sit and read it, take notes, put the book back, and leave the library. All the while, there was no systematic monitoring, tracking, or recording of the patron’s activities, what she took off the shelf, what she read, etc.
But the rise of bibliographc-encoded RFID chips, combined with hand-held scanners, complicates this. It becomes increasingly possible for someone armed with a scanner (whether a librarian, or a well-equipped law enforcement agent) to stroll by a patron’s table and passively scann all the books stacked up around her.
You can image the scenarios:
- Patron looks suspicious, stack of books on his table, feverishly taking notes. Paranoid librarian walks by and scans all the titles of the books, checking to see if any relate to terrorism, bomb-making, anti-Americanism, etc.
- Sensors placed on shelves with books about terrorism, nuclear reactors, and bomb-making to notify central authority when any title is removed. Sensors throughout building track the movement of the books. Photocopy machines deactivate when senses these titles nearby, etc.
- Law enforcement is provided the data-format for local library RFID tags. Use own scanners to “read” the titles of books as individuals walk through airports, public parks, subway system. Flag people with particular titles as “of interest” for further scrutiny.
Such scenarios are all the more possible with bibliographic-encoded RFIDs. The article doesn’t mention any privacy concerns, and I need to investigate whether the West Allis Public Library has addressed these issues. Key questions include:
- Precisely what bibliographic data is encoded on a book’s RFID chip.
- Is the RFID chip active or passive?
- What is the power of the RFID’s transmitter?
- Does the chip use any form of encryption? If so, who has access/authority to decrypt the data?