Tuesday, July 26, 2011

New Privacy Protections for Library Patrons Coming to California

Some good news to report today. Thanks to a bill by State Senator Joe Simitian - recently signed by the Governor - new privacy protections for library users will take effect on January 1st. There are a lot of reasons why this extra layer of protection was needed - namely the digitization of books and the long record of Patriot Act violations of reader privacy. 

Because libraries were established before the advent of the internet, an individual’s interaction with the library outside of circulation was not protected under state law. It was this loophole that SB 445 will close.

As the San Mateo Daily Journal notes, "Until the bill takes effect, state law provides for limited privacy protection for “registration and circulation” records but is largely silent on privacy protection for the many online interactions a user has through public libraries, including items such a emails or text messages, online courses, computer research and online records of items checked out. Before the Internet, library requests were typically all oral or hand-written...Nowadays, however, librarians more frequently interact with their patrons electronically."


The law should help maintain a person’s medical privacy, for example, if inquiries are made to the library for certain conditions...The new privacy protection could also protect against potential stalkers...


Until the beginning of 2012, all emails, text messages or any other digital correspondence at the library is considered a part of the public record. That fact could potentially allow anyone to access the correspondence through a public records request, possibly exposing heaps of private and sensitive information to the general public.

It is essential to safeguard reader browsing, buying, and viewing of information that could reveal such private information - like political and religious beliefs, health concerns, and personal lives. Do we really want our reading history collected, analyzed, and turned over to the government or third parties without our knowledge or consent.

The concerns of privacy advocates are not hypothetical. Our country has a long history of government efforts to compel libraries and booksellers to turn over customer records and information. Why would anyone believe, particularly after the warrantless wiretapping scandal, that the government won't continue and expand this tactic?

Let me quote the Electronic Frontier Foundation's (a leading advocate for this legislation) Rebecca Jeschke , who wrote, "...the books we choose to read reveal private information about our political and religious beliefs or interests, our health concerns, our financial situation, and our personal and professional lives. Maintaining reader privacy is fundamental to the dignity of Californians, and this principle is well ensconced in state law.  However, with the market for digital books exploding, the law needs an update for the 21st Century.

In Florida, marketers and politicians were requesting email addresses from libraries," said Minow. "This was an awakening to me that we needed to update our laws in California."


A library is now more than just a place to check out books. Computer terminals dominate the floor where bookshelves once stood. Online classes are now replacing the traditional summer reading programs. In this digital environment, patrons' privacy rights were not always protected.

With the new types of interaction and activity between libraries and their patrons, there was no updated code or privacy law to reflect that. Each library had its own privacy regulations with the level of privacy afforded to patrons up to the discretion of the library. With Gov. Jerry Brown signing Simitian's bill into law earlier this month, there is now a uniform across-the-board approach providing full privacy to California library patrons.

Though there were some concerns in the Legislature that the bill would diminish the ability of law enforcement to retrieve library records, the measure was amended to ensure law enforcement would have continued access to all records under legitimate circumstances, such as a court order. Law enforcement will still need a search warrant to obtain library records.

And of course, there's the issue of digital books, which will store data that can include books browsed, how long a page is viewed, and even the electronic notes written in the margins. It's not hard to see the detailed portrait this could paint of your life. 

Thankfully, there's another bill in California that would provide privacy protections for digital book readers too. Without such legislative protection, you can imagine how tempting this information could be to the government or other litigants, like those involved in divorce cases, custody battles, or insurance disputes.

In the case of digital books, we're not talking about just another library - librarians utilize a different standards for dealing with user information than does the online world. Many libraries routinely delete borrower information, and organizations such as the American Library Association have fought hard to preserve the privacy of their patrons in the face of laws such as the U.S. Patriot Act.

Senate Bill 602 (Yee) would update privacy protections in the digital age by preventing the disclosure of information about readers from booksellers without a warrant in a criminal case or a court order in a civil case. It also requires booksellers to report the number and type of requests they receive to track government demands for reader information. Without such protections, we're talking about a virtual one-stop shop for government and third party "fishing expeditions into the personal details of our lives."

Again, these concerns are not hypothetical. In 2006, the U.S. attorney subpoenaed Amazon for the used book purchase records of over 24,000 customers in the course of a grand jury probe investigating a single individual.

The good news was a federal judge agreed that Amazon should not have to turn over this information about its customers, saying that if word spread over the Internet that the federal government was probing book purchase information, “the chilling effect on e-commerce would frost keyboards across America." 

The ACLU does a good job framing the issue in their Google Book search campaign: What you choose to read says a lot about who you are, what you value, and what you believe. That’s why you should be able to learn about anything from politics to health without worrying that someone is looking over your shoulder. The good news is that millions of books will be available for browsing and reading online. The bad news is that Google is leaving reader privacy behind. Under its current design, Google Book Search can monitor the books you browse, the pages you read, and even the notes you take in the "margins." Without strong privacy protections, all of your browsing and reading history could be collected, analyzed, and turned over to the government or third parties without your knowledge or consent.

Again, thanks to the Patriot Act's "sneak and peak" provision, for the first time in American history, FBI agents are authorized to conduct searches of homes and offices and confiscate your personal property without first notifying you of their intent or their presence. Similarly, the FBI now has the right to come to your place of employment, demand your personal records and question your supervisors and fellow employees, all without notifying you; allowed the government access to your medical records, school records and practically every personal record about you; and allowed the government to secretly demand to see records of books or magazines you’ve checked out in any public library and Internet sites you’ve visited. In fact, at least 545 libraries received such demands in the first year following passage of the Patriot Act.

In other words...this is a VERY REAL privacy threat...one that these bills at least begin to address.

No comments: