Privacy, Convenience, and Why do you Hate “Seamless Access”?

Photo by Lorraine Kisselburgh

“Don’t ever invite a vampire into your house, you silly boy. It renders you powerless.”
The Lost Boys

“We just want to make sure he wasn’t looking at child pornography,” one of the uniformed police officers told me. I was the evening reference librarian on duty and the cops had shown up because a drunk patron (not one of our regulars, like the “sunglasses man” or “baseball cap guy” who frequent many public libraries), bottle in hand, was causing a commotion.

Even though I was just a year or two out of library school, where we had gone over patron privacy and the need to protect people’s reading histories, the instinct to obey a request from law enforcement personnel was even stronger: I don’t recall really hesitating about walking over to the workstation and pressing CTRL+H. We didn’t find anything notable, and the tipsy man was taken away, presumably for a night in the drunk tank.

Certain things are non-starters for some people, or at least so they proclaim. I once stood behind a fellow passenger in an airport ticket counter re-booking line who would “never fly on a propeller plane,” for instance. It would make for a good story if I said they ended up on my puddle jumper flight home, but I honestly don’t remember how that worked out.

I’d like to think, based if nothing else on the number of times I’ve dealt with people who weren’t, that I would be willing to be held accountable for my actions, no matter what. Yet as stated in a comment about the unregistered diplomat’s wife who killed someone in a car crash, then flew home with a dubious claim of diplomatic immunity: “The people on here swearing they’d do prison time despite a get out of jail free card are downright delusional.”

When libraries stand up to vendors who violate ethical pricing models or commit wanton privacy violations, such as with the New York Public Library and Kanopy; public libraries and LinkedIn Learning; or the University of California’s Elsevier subscription, considering how much else we put up with, it still seems to me the exception rather than the norm.

If faced with the same situation again, I would hopefully tell the police that a patron’s computer use history is subject to our privacy policy, and while I could certainly look it over myself and report back on any criminal behavior, if anyone else wanted to conduct a fishing expedition, like those classy doormats say, come back with a warrant. Doubly so with any content providers demanding an individual’s unique identifier as a prerequisite for access.

Talk is cheap. Think of how many libraries espouse Open Access all over the place, but at the end of the day haven’t taken any meaningful steps at cancelling subscriptions to overpriced publications. Would you be willing to go to jail, like Zoia Horn did, to protect patron privacy? Or would you be more like Kathleen Hensman, who broke that confidentiality when reporting to the police how the 9/11 hijackers used her library?

Requiring readers to surrender their anonymity is a slight violation of the freedom to read, not worthy of practical concern, in the same way that someone who’s expecting is just a little bit pregnant. We either have professional values and standards, thereby defending the rights of our constituents, or we may as well throw in the towel and start monetizing the tracking of individual reading behaviors by doing it ourselves, cutting out the middlemen and taking a page from Facebook’s profit model.

Of course, I say this from the relative safety of my armchair, at an academic institution that retained its subscription to LinkedIn Learning (we did not speak out, because we are not a public library…) and shows no indication at seriously evaluating its spiraling payments to commercial publishers any time soon. So it’s no wonder that there is a coordinated propaganda effort underway to sell new surveillance systems—which has a ring of “these changes will allow us to serve you better.”

After all, if you repeat a lie often enough, most people will accept it. Here’s some recent quotes about the impending changes to do away with anonymous reading:

  • “this will require you to take a brief, one-time additional step to set up”
  • “Profiles help us to authenticate that users are real people and help to ensure we give our members a safe, trusted environment to interact with others and learn”
  • “In the RA21 era, there is no need to sacrifice features for convenience”
  • “We Can Provide Single Sign On and Protect Privacy at the Same Time.”
  • “complete, reliable, and rich usage statistics across all the content platforms you subscribe to” (patently false in the case of on-campus users following unproxied URLs)
  • “It can be painful for your researchers to gain access to your subscriptions on a publisher’s site when they are outside of your institution’s network IP ranges.”

Vendors and industry affiliates sure can come up with some modus ponens, Betteridge’s law worthy headlines. About the best I can say about them is, “thou dost thy office fairly.” I also see that RA21 is rebranding itself as “The Coalition for Seamless Access,” a name change placing it in the good company of Blackwater, the Exxon Valdez, Philip Morris, and Time Warner Cable. It also reminds me of the ill-fated and inaccurate moniker PlaysForSure.

The implication with this revised and rather loaded name, I suppose, is that access is somehow more seamless than before. However, we already have seamless access. Onboarding new subscription platforms with IP-based authentication is not only a breeze, considering our static IP range and EZproxy set-up, it is infinitely preferable to having end users hit a login screen from within our network, since they don’t do so now.

Not only is signing in unnecessary for on-campus use of our licensed resources, as in the case of our drunk community patron, there’s currently no way for it to happen anyway. As a public research university, we allow unaffiliated individuals to use unlocked workstations to conduct library research. The freedom to do so anonymously is only possible because we have IP-based subscriptions.

My university system is currently implementing dual-factor authentication. As in, enroll now if you want to be able to access your e-mail next month. I suspect that once everything’s in place, our incidents of compromised accounts, at least those connecting from multiple countries to systematically download library materials, will effectively be reduced to zero. It is an admittedly increased hassle for end users to have to enter their challenge/conformation codes, justified as a necessary cost for increased security.

On the flip side, I would gladly undertake any amount of a supposedly extra workload on our back end systems to ensure that reader privacy is protected. The erosion of those safeguards, even when done with the noblest of intentions, is still something I get uppity about and view as the equivalent of a practice which is unsafe at any speed.

Choosing what is right over what is easy, in other words, can be difficult. Earlier this year, for example, my daughter announced that she wanted to just use the school’s (snoopware-ridden) laptop because, “It’s easier for me and I have nothing to hide,” meaning I have officially failed as a parent.

Regardless, anyone taken aback by Googling their latest medical condition and then seeing recommended videos on YouTube purporting to cure that affliction should want to preserve what little online privacy they have left. When it comes to the tracking of individual library usage, the purported benefits to security and the need for gathering analytics data are both dubious at best.

We should be doing more than a collective shrug about these attempts to undermine patron privacy. It’s becoming easier to imagine a world without libraries because market forces are pushing hard for such a world to become reality. Something to keep in mind the next time you’re asked to sign a contract that chips away at the aspect of anonymity with respect to our freedom to read.

Further Reading

Librarian at the University of Wisconsin–Milwaukee