Affronts to Library Liberty

legal, ethical, and practical responses

Jessamyn West
Rutland Free Library




These 3 pieces of legislation on the surface don't have a whole lot in common except... [next]

USAPA: Context

USA PATRIOT Act - stands for The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act [next]

CIPA: Context

CIPA stands for the Children's Internet Protection Act, a very small part of a larger appropriations bill which passed Congress December 2000.
"the federal government funds 1 to 2 percent of money in libraries" - Judith Krug


HIPAA: Context


HIPAA stands for Health Insurance Portability and Accountability Act. Written as a health insurance reform measure & signed into law in August 1996. [next]
[image credit]

Recap: Context

These three sets of laws are government-sponsored legislation that force librarians to be more conscious about privacy, security and watching their asses, legally.

Most of them have not gotten to the point of sustaining legal challenge. CIPA passed one set of challenges but is likely to face a second.

[image credit]

USAPA: Legally

In short: Section 215 gives the government new powers to ask for and receive records in your library.

BUT, the DOJ disagrees with organizations such the ACLU & ALA on the extent of the new laws and how invasive they are, or can be. Previously subpoenas for information came from a federal grand jury. Now they come from the [secret] FISA court. FISA orders could only be used previously if the primary purpose of the order was to gather foreign intelligence information. USAPA changed the "primary purpose" criteria to one of "significant purpose." Potential uses include.... [next]

CIPA: Legally

In short: if you get government money for net access, you must install filters on all computers
Note: even without CIPA there is no constitutional protection for anyone to view obscene images or child pornography


HIPAA: Legally

In short, codifies many practices that were in use already. Strengthens many requirements for privacy and security, especially when transferring data.

[image credit]

Recap: Laws

CIPA & HIPAA require complaints [or possibly audits] in order for there to be legal trouble. Think ADA. A happy & informed patron and user base can be your best defense against CIPA/HIPAA.

The USA PATRIOT Act appears to be on eroding legal footing, seemingly waiting for a challenge to be filed against it.

[image credit]

USAPA: Ethically

While librarians may or may not be split as to how much of the USAPA is vital for National Security there are generally conficts with USAPA and patron privacy policies, and librarians' and library staff's rights. [next]

CIPA: Ethically

The American Library Association was one of the organizations fighting to overturn this law, but it is now the law of the land, with most appeals exhausted. Official responses need to be tactical, not reactionary. [next]

HIPAA: Ethically

The librarian's usual privacy concerns become amplified and attenuated with HIPAA. "Minimum necessary" becomes a mantra. [next]
[image credit]

Recap: Ethics

Core values of librarianship Involve staff, the public, the media and the board in your work on these issues. Designate point people for discussion and training. Learn the tech you need to know.

[image credit]

Practically Speaking: Discussions

USAPA: Legally, you can't do as much after an FBI visit as you can before.... Discuss options with board, publicize the USAPA and the library's reaction to it, to patrons, media and other staff. Remember your discussion options are limited once you've had a visit by officials

CIPA: Do we need to filter? If you don't get e-rate or LSTA funds, you're set... for now. Watch your purchases and keep apprised of regulations and funding streams for Internet access. If you're opposed to CIPA on ethical grounds, start looking for sources of funding to compensate for e-rate and LSTA funds. Think cost-benefit analysis

HIPAA: Realistically assess funding, staffing and current policies and procedures. Play devil's advocate with your systems. Do they work? Do people understand them? Use "the form" as a way of educating staff and patrons about HIPAA not just mystifying them.


Practically Speaking: Systems

  1. Learn the terms: PHI, ePHI, CE, TPO, HHSOCR, etc.
  2. Learn the information pathways, all of them [talk, fax, email, voicemail, scribbling, hard drives]
  3. Add 1 + 2 and find ways to secure them
  4. review and implement clear policies, make sure "go to" people really know their stuff.

Practically speaking: Staff & Community & Patrons


And Finally...

The choices are yours to a large degree. While certain degrees of compliance are required legally, other levels of patron interaction are up to you. Be proactive, be positive and above all be informed so you can be an advocate for your patrons and staff and the community at large.

[image credit]

Links & Sources






"To those who scare peace-loving people with phantoms of lost liberty, my message is this: Your tactics only aid terrorists, for they erode our national unity and diminish our resolve."
-John Ashcroft

Jessamyn West is the new outreach librarian at Rutland Free Library the editor of the weblog and the co-editor of Revolting Librarians Redux. She has written extensively about the USA PATRIOT Act on her blog and for online and print sources.

Her "The FBI Has not Been Here" and "Make Mine Unfiltered" signs have received the odd media mention here and there.

This presentation was created in HTML using CSS. There was no PowerPoint involved in this presentation except as a nagging bad example.