Blogging the ALA Privacy Panel

I was invited to be a blogger for the Privacy: Is it Time for a Revolution? panel happening this Sunday from 1:30-3:00 in room 201D at the convention center. Speakers will be Cory Doctorow, Dan Roth from Wired, and Beth Givens, the director of the Privacy Rights Clearinghouse. This is supposed to be a “debate” but I really sort of think it’s mostly going to be a discussion of the erosion of the idea of privacy and what librarians are or should be doing about it. I’m looking forward to hearing it all three of these speakers have years (decades?) of experience and sharp minds. Cory I know is an engaging and at times provocative speaker.

I’m assuming they got some grant money for this, because I got a very slick looking concept paper about the idea with a lot of good backgrounder information (email me if you’d like me to send you a copy) and they ponied up money for a domain: PrivacyRevolution.org. Unfortunately, the domain has been parked at GoDaddy until pretty much today, so my blogging about it is going to be minimal since I’m getting on a plane in 12 hours and will have minimal net access until sometime Friday. There is a survey there that I encourage you to take.

You can also follow their twitter stream and they will be following the Librarian Society of the World Meebo chatroom. I’ve offered to pose some questions to the panelists from people who can’t be there [i.e. you, dear readers] though I’m a little worried this is late in the game for anyone heading to ALA. In any case, if there is a privacy-and-librarians topic that you are dying to ask a question about to these panelists, please put it in the comments here and I’ll be happy to do my best. Jenny Levine is the other guest blogger so stay tuned here and there for more information about this as it comes in.

VLA and VSLA pass library confidentiality bill

This is big news. The Vermont Library Association and the Vermont School Library Association have succeeded in passing “An Act Related to the Confidentiality of Library Patron Records” which tightens up some loose areas in Vermont’s current patron confidentiality laws. The governor signed the bill on Tuesday, just in time for the Vermont Library Conference.

You can read more about the process of getting the bill drafted and passed by looking at the Intellectual Freedom section of the Vermont Library Association website. Minor point of pride: I designed the VLA website, enabling just this sort of information sharing and updates and it makes me happy to see it being used to announce such good news.

friday evening linkdump of sorts

So, I don’t make you all sit through my deli.cio.us links auto-posting, but sometimes I have a few unrelated things to share that don’t really have their own full posts to go along with them. So here are a few things that are only sort of library related that I think you might be interested in.

“E-problem” puts 15,000 library patrons’ info on Internet

Please read this newspaper’s account of how 15,000 library patrons’ personal information — names, phone numbers, e-mail addresses, street addresses, children’s names and library card numbers — wound up accessible to the public as a result of… something happening to the systems at the Lakeland Library Cooperative in Michigan. That’s the rub, they’re not even sure. The interim director (what a lousy time to be an interim director) said that they “think there was a software malfunction” and then later in the article is paraphrased as saying “the library last month underwent a software upgrade on their system, but was not able to determine if that was the source of the problem.” Does this inspire confidence? No, it does not. E-problems?

Mistakes happen, we all know that, but this story tells me that either the reporter doesn’t understand computers enough to write about this incident, or that the person who runs the Library Cooperative does not understand what happened, or possibly both. I’m aware that there is always a third option, that they are trying to be deliberately obscure to keep people from hacking into their system, but if I were a patron of one of the affected libraries, I’d like mor information, a lot more. This is a file that is on the web, right? There should be log files that show how many times that page was accessed. Wouldn’t it be reassuring if that number was, say, three instead of perhaps a hundred? There is nothing on any of the Coop’s web sites about this incident even though the news story has been online all day (I found it through LISNews).

Oddly it looks like the previous director left the job somewhat mysteriously a few weeks ago. According to this short story, all the member libraries will be notified and 15000 new bar codes will be issued.

rfid library tags unlocked, vulnerable

RFID hacking in, among other places, libraries. More on RFID.

As he waves the reader over a book’s spine, ID numbers pop up on his monitor. “I can definitely overwrite these tags,” Molnar says. He finds an empty page in the RFID’s memory and types “AB.” When he scans the book again, we see the barcode with the letters “AB” next to it. (Molnar hastily erases the “AB,” saying that he despises library vandalism.) He fumes at the Oakland library’s failure to lock the writable area. “I could erase the barcodes and then lock the tags. The library would have to replace them all.”