Run, Hide, Fight

Surviving Workplace Violence

bar

On December 13th Library Director Susan Pieper with the Paulding County Library in Ohio offered this timely post on Publib:

I shared this short video with my staff during a staff meeting this fall.
Homeland Security released it and in light of the recent tragic shootings,
I think every library staff and every citizen should watch it.:
bar

bar

The video was produced with a Department of Homeland Security Grant by the City of Houston Mayor’s Office of Public Safety and Homeland Security. It includes three key concepts ~

RUN – When an active shooter is in your vicinity:

  • If there is an escape path, attempt to evacuate
  • Leave your belongings behind.
  • Help others escape if possible.
  • Prevent others from entering the area.
  • Call 911 when you are safe.

HIDE – When Escape is not possible:

  • Lock and / or blockade the door.
  • Silence your cell phone.
  • Hide behind large objects.
  • Remain very quiet.

FIGHT – As a last resort, and only if your life is in danger:

  • Attempt to incapacitate the shooter.
  • Act with physical aggression.
  • Improvise weapons.
  • Commit to your actions.

In addition to those key concepts of Run, Hide, and Fight – the video also discusses how to interact with law enforcement.

911 – When Law Enforcement Arrives:

  • Remain calm and follow instructions.
  • Keep you hands visible at all times.
  • Avoid pointing or yelling.
  • Know that help for the injured is on the way.

The information provided in the video has been endorsed by numerous law enforcement agencies.

Libraries are certainly not exempt from workplace violence. Many have disaster plans in place and policies and procedures that are meant to reduce the likelihood of violence. However, they are open to the public and certainly permeable to people with ill-intent.  Many are also open to an increasing population of concealed carry permit holders – including patrons and staff.

American Nut and Arms

American Nut and Arms

The discussion of concealed carry by staff and patrons played out as a major meme and theme on Publib at the end of 2011.  Many library staff members came out as staunch proponents of concealed carry.  Others could not see the point.  However, gunfire, gun-accidents, and gun related incidents all have one thing in common – the presence of guns.  With each act of random violence that plays out in the media, the reaction from a fearful public includes the purchase of more guns.  So, there is an ongoing expectation of gun violence and an ongoing increase of people armed with guns.

In addition to guns, the United States has another crisis of sorts – something that law enforcement and public libraries experience every day.  Psychiatric hospitals closed throughout the US in response to the 1975 Supreme Court decision in O’Connor v Donaldson that non-dangerous individuals cannot be confined and Addington v Texas requiring convincing evidence for involuntary commitment.  It was hoped that many of the abuses experienced by people involuntarily committed – as dramatized in One Flew Over the Cuckoos Nest  would be remedied. The number of beds for psychiatric patients in 1955 was one for every 300 Americans.  By 2005, that number was reduced to one in every 3000 with over 90% of those committed to forensic cases.  So, the reality is psychiatric beds are no longer available in the US and other institutions without specialized training - including public libraries - must cope with the repercussions.

Drugs such as Thorazine (chlorpromazine) have helped many people cope with mental health issues.  But, many people go untreated and the prison and jail populations have become the de facto mental health facilities – providing incapacitation often without any truly effective rehabilitative treatment options.  Many may come out worse than they were when they went in – maxing out their sentences in Supermax facilities in solitary confinement for 23 hours a day.

The State of Rhode Island has the highest rate of severely mentally ill people in the US – at around 7.4% – almost twice the average of other States*.  In addition, it has some of the highest rates of illegal drug use and highest rates of untreated drug and alcohol addictions. So, most public library directors in Rhode Island will interact with people with severe mental illness problems and drug and alcohol abuse problems.  Rhode Island also has some of the strongest gun control measures in the US – although that does not stop gun violence from occurring.  When you look at the big picture and consider the likelihood that you will interact with people who have guns, who have mental illness and may have ill intent – it is always best to be prepared.

I highly recommend that libraries partner with their police departments and look at the training offered by the Memphis CIT  program. Their de-escalation training works.  Community partnerships can save lives and help redirect people from jail and prison to appropriate mental health resources.

You might even upgrade some office supplies.

Thanks to Susan Pieper for sharing!

bar

Please join us on BestofPublib Facebook

The Publib Archives

The Publib archives from the former Webjunction listserve and the current OCLC service are available here: Archives

bar

Disaster Planning

Post-Sandy Disaster Planning

bar

Water Buffalo Storage

How will you and your staff and patrons cope during and after a major weather event? Price gouging and panic buying all contribute to the detrimental effects of a disaster and anxiety over a potential disaster.

In Rhode Island, as soon as there is a storm approaching or the threat of a storm approaching  - hurricane – tropical – or snow – the local population typically goes out and buys all of the bread and milk out off the store shelves. They also buy up loads of bottled water and batteries.

When the power goes out, what are they going to do with all of that milk?  Batteries eventually discharge. Bottled water is not environmentally friendly, can cost 500 times as much as tap water and may even be very low quality.  If water service is interrupted and a water buffalo is all that is available – refilling bottles for daily needs is ineffective.

Sandy

Rhode Island - with the exception of the south-west coastal area - was very lucky during Sandy compared to New Jersey and NYC. We were spared much of the rain and our storm surge was less. After going through many potential and real weather emergencies in Rhode Island and coastal North Carolina, I was determined not to be price gouged or ill-prepared for weather.  Rather than scurry around trying to find items in high demand, I decided to put together a few items that can bring relative comfort when your infrastructure is compromised.  It takes me about 10 minutes to get ready for an infrastructure disaster.  Here is my short list:

Water Bag

Water Carrier

Coleman Expandable Water Carrier http://www.amazon.com/Coleman-Expandable-Water-Carrier-5-Gallon/dp/B000088O9Y- because your own tap water is much cheaper than bottled water and you can flatten out this jug and store it anywhere – you can also refill it from available water supplies efficiently – such as with a Water Buffalo deployed by the National Guard.

Portable Butane Stove

Butane Stove

Portable Butane Gas Stove  http://www.amazon.com/Portable-Butane-Stove-With-GASONE/dp/B001V72U36 – this will boil water – cook a skillet of food fast and is highly portable – a cartridge of butane lasts for a long time

Powdered Milk http://www.walmart.com/ip/10415475?adid=22222222227009265766 – doesn’t go bad for a long time – just mix what you need – this can be even cheaper than regular milk.

D Light Solar Lighting

Solar Led Lamps - http://www.amazon.com/d-light-S10-Solar-LED-Lantern/dp/B004B924OG/ – cheap, bright effective lighting

Hand Crank Radio

Hand Crank Radio

Hand Crank Radio - http://www.amazon.com/Ambient-Weather-Emergency-Flashlight-Certified/dp/B0071BTJPI/ – stay connected – recharge your cell-phones – even though you might not have service from damaged cell towers

Coffee Pot

Coffee Pot - http://www.amazon.com/Coleman-14-Cup-Enamelware-Coffee-Percolator/dp/B0009PUQI2 – boil water, make coffee, keep alert, stay happy!

This kit is just a little over $100.  You can also purchase all sorts of long-lasting food supplies. But, all of these items can also be used for camping – so your emergency kit has more that one purpose and will save you time and energy in the event of a disaster or the disaster that never comes.
I think I purchased the butane stove for around $20.  I have read that you can use them indoors like a regular burner on top of your regular stove.  The D-lights are very nice too – just leave them sitting in window sills in case the power ever goes out and they are always charged. They were developed for tropical conditions and are quite durable.  There are also lots of options with the hand-crank radios now and lower prices by quantity.  A five gallon collapsible container for water contains about as much as case of bottled water that can easily cost much more. If you calculate the cost of having to drive around and get the water, then it is even more and the quality of the water may be even less.  Powdered milk has a very long shelf-life and the cost at WalMart may be less than regular milk from the store.
With the portable stove, the Coffee Pot and a hot-water bottle, you can provide a nice source of warmth when temperatures fall.  Just heat up the water, pour it in the hot-water bottle and you can keep the chill off.  Most people I have met are fairly well prepared to go without infrastructure for about three days.  The items above can keep you somewhat comfortable longer than that.  The D-Lights I have used on low settings keep lit for about 8 hours.  Just set them back in the light during the daytime, and you have decent lighting overnight.  The hand crank radio / charger will keep you connected after your stock of batteries are depleted.  The butane stove cartridges will last a very long time.

bar

Please join us on BestofPublib Facebook

The Publib Archives

The Publib archives from the Webjunction listserve are available here: Archives  (Wait – they really aren’t anymore).

Archives compiled after Dec. 7, 2011 are available here: Archives

bar

Hacking Gmail, Amazon, and Apple

Hacking Gmail, Amazon, and Apple – Problems with Humans and Cloud Security

bar

Re-posted from SEC4Lib:

On Tue, Aug 7, 2012 at 8:41 AM, Blake Carver <btcarver@lisnews.com> wrote:

Here’s a follow up on that story from yesterday. It’s a good, short, read and has some really good lessons. I know I need to make some changes now.

“How Apple and Amazon Security Flaws Led to My Epic Hacking” http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/

“I should have been regularly backing up my MacBook. I shouldn’t have daisy-chained two such vital accounts I shouldn’t have used the same e-mail prefix across multiple accounts I should have had a recovery address that’s only used for recovery without being tied to core services. I shouldn’t have used Find My Mac.” –

To me, this is the result of short-term profit maximization at the corporate level mixed with the path of least resistance at the user level.  Companies can operate cheaper, more efficiently up to the point of the hack in the cloud and maximize profits.  Users don’t have to do too much to enjoy the convenience of the cloud up to the point of the hack.  Yet, with each successful hack, the knowledge of how to hack becomes known globally – greatly increasing risk to all users and all companies using the cloud.

When I did a quick security review of Ocean State LIbraries, Sacramento Public Library, and The Library Connection last year, even fundamental security measures were not being taken:  http://bestofpublib.wordpress.com/2011/05/15/pubic-library-security-insecurity/

Library Fight Club

Fortunately, OSL did step up their security a bit with pins, but it created inconvenience to the administrators and the users.  One of the librarians who witnessed the events leading to the change told me that the battle for security over short-term convenience was ugly but she did not want to speak about it publicly. I can understand that - given the justifiable paranoia over having the circulation records used for identity theft and no one wanting to take responsibility.   But, all it takes is just a bit of laziness at the top levels and bad policy to put everyone at risk. And, unfortunately, the first rule of Library Fight Club is not to talk about Library Fight Club so everyone does not know of the risk. Knowledge of risk is limited to insiders who may not know how to manage risk and insure accountability.

I think the real point of the Mat Honan article  is that the writer was not dumb – he is most likely in the top 2% of people who understand technology.  So, every ‘error’ he made – which would not be considered errors by the other 98% of us - is a risk.

The people working in libraries most likely represent the upper 30 or 40% of people who understand technology simply by being surrounded by books and publicly paid for technology.  But, as gatekeepers to those resources they create the impression of expertise.  Some are experts, but really most are not.  Standing next to a pile of books does not mean you read them.  Being able to turn on a computer does not mean you know how it works.  Being responsible for information security does not mean that the information is secure.

What we can take from the Mat Honan article is the humility of the author in showing that he failed himself and should have known better.  There are many, many people in administrative positions including libraries that are responsible for information security who would never admit that they know not what they do.  There are many, many people in corporations that will never admit or may not even know that their systems have been or are compromised.  All we can hope for is strong laws that mandate reporting and at least a few people such as the author of the Wired article to own up to what they do not know as an example for the other 98% of us.

It used to be that you would need to be able to configure Satan and really have a strong grasp of command line interfaces and operating systems to be a hacker.  You really would need advanced knowledge and some fairly sophisticated resources to hack. Not any more.

Backtrack : http://www.backtrack-linux.org/  can be installed very easily and used by novice hackers with ill intent utilizing easy to follow step-by-step instructions on Youtube.  Just using one of my high gain antennas with a little laptop, I can war drive or sit in my house and see many, many exploitable WIFI services locally with little or no protection. I could crack a WEP in about 2 minutes, but so many people now rarely even bother to protect their WIFI. They are just happy that it works out of the box.  As an ethical hacker, I will never exploit those vulnerabilities.  But, the time when exploitation was limited to those with wilful intent, advanced knowledge of computer systems along with strong social engineering skills has passed. We are now in an era where a hack can be easily accomplished with a bit of simple social engineering (SPOKEO anyone?), the intent and common access to a computer. In fact, with very little knowledge about computer systems it would be very easy to inadvertently exploit a system using Backtrack without intent.

I think one of the upsides of less need for advanced knowledge is that we are now seeing powerful cases being built against companies from the digital forensic side where they are doing some pretty sleazy things at the highest level:  http://www.sfgate.com/business/bloomberg/article/Standard-Chartered-Falls-Most-in-24-Years-on-N-Y-3769142.php  In the paper age, the information about these sorts of activities was much easier to control and compartmentalize.  Automated computer forensic tools can greatly simplify investigation without requiring advanced degrees in computer science to operate.

*******************

Robert L. Balliot

http://linkedin.com/in/robertballiot

http://bestofpublib.wordpress.com

http://www.facebook.com/robert.balliot

http://oceanstatelibrarian.com/contact.htm

*************************************************

bar

Please join us on BestofPublib Facebook

The Publib Archives

The Publib archives from the Webjunction listserve are available here: Archives  (Wait – they really aren’t anymore).

Archives compiled after Dec. 7, 2011 are available here: Archives

bar

Saggy Pants

Fashion Police at the Library – No Ifs, Ands or Butts . . .

bar

Melissa Davidson - Staunton, Virginia asks: 

How are you handling the saggy pants trend? I’m talking about when the waist of the pants is clearly below the bum and heading towards the knees.

To which the Publib Chorus responds:

1920s woman daring to wear pants!

1920s woman daring to wear pants!

Wendy Wright – Denman Island, BC CANADA  ~ Ridiculous though the style is, my crystal ball offers some predictions for five years from now if we try to control teens’ ever-changing fashion trends. In 2017…

  • ~ No-one will be wearing sagging pants.
  • ~ Today’s teens will be voting, taxpaying adults.
  • ~ Those adults will not be using or supporting a library where they once felt unwelcome or talked down to.

Melissa does not specify teens in her query, yet most of us assume we are discussing this age group. For a bit of perspective, we might ask ourselves whether we would follow through on an adult infringement of a rule governing dress. For example, if we are comfortable suggesting to an adult patron that her shirt emblazoned with expletives is inappropriate in the library, but would then tactfully ignore a 30-year-old’s colourful boxers, then our library’s policy should reflect that practice, for all patrons. It is easy to fall into the trap of creating double standards for adults and teens, who have a nose for hypocrisy.

Jacobean Embroidery Leaf

Jacobean Embroidery Leaf

Nann Blaine Hilyard ~  In our community there are adults who wear saggy baggy pants.  Not as saggy as the teens but plenty baggy.  The current  fashion is that the back pockets (which fall on the thigh rather than the butt) have lots of embroidery.    The  juxtaposition is that men with saggy baggies accompany women in leggings (and jeggings, which are stretch denim leggings). Often the women are plump.  (Where are Stacy and Clinton (What Not to Wear) when we need them?)

Angela Morse ~ http://www.youtube.com/watch?v=tMwhl4IrPNc Pants on the ground….

Chris Rippel – Great Bend, Kansas ~  Make sure actions against sagging pants don’t expose your own fannies. *Library Law: Constitutional and Unconstitutional Patron Appearance and Behavior Policies: A Review* By James W. Fessler and E. Kenneth Friker, Klein, Thorpe and Jenkins, Ltd.  February 27, 2008 http://www.nsls.info/articles/detail.aspx?articleID=186

Lisa Richland – Greenport, NY ~ Melissa- Are you talking about patrons or staff?  Because I ignore the patrons’ dress habits, and tell staff when their dress is inappropriate.  In the case of staff, those low hanging trousers are in addition an impediment to mobility. And if it is just the aesthetics of the style, I avert my eyes.

Dusty Gres – Vidalia, GA ~ Depends on what else is showing, actually, but here is a true story in the daily life: One of my Branch Clerks is a retired (25 years) Army Master Sergeant. I recently overheard this transaction:

  • Clerk to teenage patron:  There you go. I think you will really like this book. Have a nice day, and son, pull up your pants.
  • Patron:  pulled up his pants

Janet Lerner ~ We’ve posted an excerpt from Philadelphia Mayor Nutter’s speech  http://www.washingtontimes.com/news/2011/aug/8/mayor-talks-tough-to-black-teens-after-flash-mobs  in the Young Adult section of our library, as follows:

“Pull your pants up and buy a belt ’cause no one wants to see your underwear or the crack of your butt.’ If you walk into somebody’s office with your hair uncombed and a pick in the back, and your shoes untied, and your pants half down, tattoos up and down your arms and on your neck, and you wonder why somebody won’t hire you?” “‘They don’t hire you ’cause you look like you’re crazy,’ the mayor said.”
Jawaharlal_Nehru

Nehru in his jacket

Steve Benson ~ I think it’s a goofy fashion but any goofier than bell bottoms or nehru jackets? The boys aren’t exposing their back ends because they seem to always have very nice underwear to go with the saggy pants. My response is to ignore it.. . . But why do you hope they listen?  Doesn’t every generation challenge the tastes of their elders?  My flag and bra burning, tie-dye and bell bottom wearing, free loving, status quo disdaining contemporaries mostly grew up to be conservative republicans.  Wait out this current young generation, ignore where the waistline of their pants falls to, and eventually they will age into us.  What is really worth paying attention to are the thoughts rattling around in their minds.

Andrea Philo – Norristown, PA ~ Our security put up signs:  Hoods Down, Pants Up. They monitor compliance.

Chris Truex ~  What’s with these kids, with their hula hoops and hippity-hop music!? Get a haircut! I don’t understand why some 13 year old girl can walk around in spandex with “Juicy” across the backside, and there are no policies for that, but seeing 2 inches of some kid’s boxer shorts causes a riot.  Why in the world does anyone care about kids sagging? I’m sure constantly hassling them about style will do wonders in terms of outreach.

Shahin Shoar ~ Let them be!  What I find not so pleasant is seeing half of someone’s back end hanging out when sitting on a chair or bending down to look at lower shelves;but hey that’s life, not everything is pleasant to my eyes!

Manya Shorr ~ Shouldn’t the issue be behavior and not dress? We really shouldn’t let our personal tastes get in the way of good public service.

Joseph N. Anderson – Logan, Utah ~ I’m surprised that this trend is back again. In the late 90s, I was one of those kids who probably disturbed the library staff with some of my fashion choices including sagging pants. Thankfully, the staff never turned it into a bad library experience for me.

Kevin Okelly – Somerville, MA ~ Ah yes, I’ve seen quite a lot of posterior cleavage.

Ann Hall ~  It should be behavior and not dress.

ConnieJo Ozinga ~ Kevin O’Kelly posted:  Ah yes, I’ve seen quite a lot of posterior cleavage. I don’t think you need sagging pants for this.  We have just finished an interior renovation/construction project and I saw way too much posterior cleavage from those crews.

Jo Choto – Frederick, MD ~ If obscenity laws aren’t contravened, I don’t see that it matters if young men want to waddle around like penguins.  Essentially, their butts are covered by something, whether it’s several sets of shorts or long shirts, so no harm, no foul.  I am more troubled by pre-teen/tween girls who are barely covered at all, though this isn’t such a big problem in the winter!

Darryl Eschete ~  If a kid’s pants are an obvious hindrance to his safe and proper movement, we will ask the kid to pull them up lest they trip and fall on the stairs. I personally have also asked kids who drag their feet (and untied shoes) to tie their shoes and walk correctly, as their shuffling steps make a lot of noise. Dress and behavior are related and can have this sort of complicated interplay. Pardon me. I meant “…lest *HE* trip and fall on the stairs.”

Heian Fashion

Heian Fashion

Kathleen Stipek ~ I think that it is a very bad idea to pass laws about the droopy drawers look.  Some young men are very concerned about the aesthetic of the look.  I have seen some wearing multiple layers of skivvies that are as carefully color-matched as a Heian lady’s sleeves dangling outside her screens.  I have also seen some that suggest to me that laundry soap is not part of a particular young man’s knowledge base.

If we truly want to lose this look, the law side is a bad one as are injunctions from elders which merely turn droopy drawers into a rebellion and perhaps even a matter of principle.   What we need will cost some money, but it will be brutally effective.  Young women whom these young men would love to impress need to be recruited and tested for loud, high-pitched, giggles.  Little groups of 2 or 3 should be posted strategically in any given area, and whenever they see some droopy drawers, they point, giggle, and shriek with laughter.  The young men may begin wearing their pants up around their armpits, but that’s a risk we have to take.  The young women will have to be paid something for each session, but the price and the shrieks will be worth it. Cruel, I know, but desperate times call for desperate measures.

Julie Andrews ~ I’m not at all bothered by people with hoodies up. Half the population is walking around like that! It’s cold!!! Even if it’s not as cold indoors, it’s just easier to leave it up.Take it off and you have messy hair. Surely hood-head is a fashion faux pas too?

Tina Shelton – Carrollton, TX ~ I just have to comment because I saw a young man WAS wearing a belt on his saggy, baggy britches!  The shorts that show  are the top pair over a bottom pair of underwear. My question is why bother?  I have to be careful because every time I see this type of outfit, I just want to smirk loudly.

Prison Fashion

Prison Fashion

Chris Ely  ~ Why bother? It’s fashion. Though back when I was working at a place where part of my job was dealing with juvenile offenders. I was told by juvie officials that it began due to a prison having the bright idea to issue pants to prisoners that were too big, to reduce the number of fights and other incidents by keeping one hand occupied keeping their pants up. The thinking was the last thing most people would want to do in prison is drop trou.

Apparently it backfired and became an “I’ve done time” status symbol for former prisoners, then it bled over into just being cool. Not sure how accurate that story was, but it was nearly 20 years ago and the style is still out there. Each time I see it, I wonder how true that story was and what the teens and young adults who wear their pants halfway down to their knees would think if they knew the supposed story behind the fashion.

Sarah Jesudason  ~ This is the second reference to saggy pants being a “prison cred” thing I’ve seen today. But my mental image of what prisoners wear is jumpsuits, not jeans and shirts. Alrighty, who on PubLib has done time and wants to comment on their attire in the Big House?

Carolyn Rawles-Heiser – Corvallis, OR ~ Regarding prison attire–when I went on a tour of the Nevada State Prison a few years ago as part of a state commission, we were told not to wear denim because the prisoners wore denim jeans and blue workshirts, and if there were a riot or  disturbance, the guards would be able to pick the visitors out more easily (and not shoot us, I suppose).

Ancient Cowboy Templar Belt

Ancient Cowboy (Templar) Belt

Kathleen Stipek ~ I have seen young men sporting the droopy drawers look who accessorize with belts.  In a few cases, I have seen enormous cowboy-style buckles on those belts which seem to be pressing on what is, in most gentlemen, a very sensitive spot. I guess it is a willingness to suffer for fashion akin to a woman’s wearing 4-inch stilettos.  As someone who prefers to sacrifice style for comfort, I don’t get it, but then I don’t have to.  The entertainment value is enormous, and in these troubled times, a good giggle never hurt anybody.

Steve Benson ~ Sagging pants was a big issue for a recent Dallas, Texas mayor.  The link is to an article about it and includes picture of a billboard and a rap song from his campaign against sagging pants. http://www.npr.org/tablet/#story/?storyId=15534306

Jesse Ephraim  ~ It doesn’t bother me at all, as long as they are wearing underwear.  It’s not my job to police fashion trends.

Brenda McKinley – Newtown, CT  ~ I keep waiting for someone to request: Enough already, can we please drop the saggy pants?  On the other hand…I guess that’s the fear that started this whole thing.

Bessie Makris – Fort Wayne, IN ~ I think that librarians should also start wearing sagging pants.  Co-opt the style and teens will finally drop it. <g>

Emily Weak ~ I would imagine that whoever worries about injury liability at your library could get a “patrons need to wear shoes”  policy put in place, regardless of health code policy.

Moses and Joshua Bearing the Law

Thou Shalt Not Sag

Susan Pieper – Paulding, Ohio ~ This “sagging pants” thread makes me think of a joke our Pastor told at church this week.

A sixteen year old son wanted to borrow the family car. Father said, “Son, when you bring up your grades to a B average, and study your Bible more, and cut your hair, then we will talk about you using the car.” So, the son brought up his grades to a B average and started reading the Bible more. He went to his Dad and said,” Dad, I’ve been reading the Bible more and Samson had long hair, Noah and Moses had long hair, and there is reason to believe that Jesus had long hair.” To which the Dad replied, “Yes son, and to get around, they all walked.”

Jo Choto ~ Judging by the overwhelming response to sagging pants, may I suggest the following topics for another free for all:

  1. Patrons that leave a cigarette-stink on library items;
  2.  Patrons who ask for your help, then get on their cell phone but expect
    that somehow you continue to assist them;
  3. Patrons who stand in a line six or eight deep for some time, but wait
    until they reach the desk before spending 10 minutes looking for their
    library card;
  4. Patrons who fail to follow instructions for self check out and then
    complain that the machine doesn’t work.

Steve Benson ~  And furthermore . . . Men in green or red plaid golf slacks should be banned from public view as should older gentlemen who pull their slacks halfway up to their chin.

Robert Balliot – Bristol, RI ~ First they came  for the sagging pants, and I did not speak out because my pants did not sag . . .

bar

Please join us on BestofPublib Facebook

The Publib Archives

The Publib archives from the Webjunction listserve are available here: Archives

Archives compiled after Dec. 7, 2011 are available here: Archives

bar

Publib Topics – A Graphic Retrospective – November 2011

Beware Graphic Content Ahead!

 
This graphic image  or word cloud was created using Wordle. It is derived from the subjects and authors of postings in PubLib for November 2011. The size of the graphics is directly related to the number of un-weighted unique occurrences each month of the individual words represented. Most automated graphic processes that generate these types of word clouds use additional weight for H1 – H6 tags through feeds. These graphics are not processed with H1 – H6 tags. The titles and authors were copied to Notepad and stripped of all HTML before being run through the Wordle Java platform. The process is case-sensitive so Library is not the same thing as library.
 
The most prominent word without employing filters would have been PublibPublib and Fwd were deleted from the plaintext files before processing. In addition, the Wordle program automatically disregards articles, conjunctions, and prepositions.
 
 
Publib Topics November 2011

Publib Topics November 2011

bar

Please join us on BestofPublib Facebook

The Publib Archives

The Publib archives from the Webjunction listserve are available here: Archives

Archives compiled after Dec. 7, 2011 are available here: Archives

bar

halloPublib Topics – A Graphic Retrospective – October 2011

Beware Graphic Content Ahead!

 
This graphic image  or word cloud was created using Wordle. It is derived from the subjects and authors of postings in PubLib for October 2011. The size of the graphics is directly related to the number of un-weighted unique occurrences each month of the individual words represented. Most automated graphic processes that generate these types of word clouds use additional weight for H1 – H6 tags through feeds. These graphics are not processed with H1 – H6 tags. The titles and authors were copied to Notepad and stripped of all HTML before being run through the Wordle Java platform. The process is case-sensitive so Library is not the same thing as library.
 
The most prominent word without employing filters would have been Publib.  Publib and Fwd were deleted from the plaintext files before processing. In addition, the Wordle program automatically disregards articles, conjunctions, and prepositions.
 
Some of the more viral discussions included: Public Library Halloween Celebrations,   Ethical Question  regarding employee time at conferences,  Self-Published Titles Study Room Polices , Maximum Fines ,  and Unwelcome Patrons in Children’s Area .
Publib Topics October 2011

Publib Topics October 2011

bar

Please join us on BestofPublib Facebook

The Publib Archives

The Publib archives from the Webjunction listserve are available here: Archives

Archives compiled after Dec. 7, 2011 are available here: Archives

bar

Publib Topics – A Graphic Retrospective – August 2011

Beware Graphic Content Ahead!

 
 This graphic image  or word cloud was created using Wordle. It is derived from the subjects and authors of postings in PubLib for August 2011. The size of the graphics is directly related to the number of un-weighted unique occurrences each month of the individual words represented. Most automated graphic processes that generate these types of word clouds use additional weight for H1 – H6 tags through feeds. These graphics are not processed with H1 – H6 tags. The titles and authors were copied to Notepad and stripped of all HTML before being run through the Wordle Java platform. The process is case-sensitive so Library is not the same thing as library.
 
The most prominent word without employing filters would have been Publib. Publib and Fwd were deleted from the plaintext files before processing. In addition, the Wordle program automatically disregards articles, conjunctions, and prepositions.
 
 
Publib Topics August 2011

Publib Topics August 2011

bar

Please join us on BestofPublib Facebook

The Publib Archives

The Publib archives from the Webjunction listserve are available here: Archives

Archives compiled after Dec. 7, 2011 are available here: Archives

bar

Publib Topics – A Graphic Retrospective – June 2011

Beware Graphic Content Ahead!

 
This graphic image  or word cloud was created using Wordle. It is derived from the subjects and authors of postings in PubLib for June 2011. The size of the graphics is directly related to the number of un-weighted unique occurrences each month of the individual words represented. Most automated graphic processes that generate these types of word clouds use additional weight for H1 – H6 tags through feeds. These graphics are not processed with H1 – H6 tags. The titles and authors were copied to Notepad and stripped of all HTML before being run through the Wordle Java platform. The process is case-sensitive so Library is not the same thing as library.
 
The most prominent word without employing filters would have been Publib.  Publib and Fwd were deleted from the plaintext files before processing. In addition, the Wordle program automatically disregards articles, conjunctions, and prepositions.
 
This month and the month of May featured lively discussions of concealed carry of guns by library staff and others in libraries, Save the Libraries, Fire the Librarians, and Farting Patrons.
 
Publib Topics June 2011

Publib Topics June 2011

bar

Please join us on BestofPublib Facebook

The Publib Archives

The Publib archives from the Webjunction listserve are available here: Archives

Archives compiled after Dec. 7, 2011 are available here: Archives

bar

Library Security and Insecurity : Sacramento Public Library , Ocean State Libraries and The Library Connection

Library Security and Insecurity  – A Brief Risk Assessment

~ Robert L. Balliot, MLIS

Anne Frontino of the Haddonfield Public Library in New Jersey queried the PubLib Listserve about  privacy and possible misuse of library barcodes on smartphones remarking:

Our library is considering allowing patrons to use barcodes scanned onto their smart phones to check out books.  …    We have only had a few instances of patrons trying this method of checking out items, but we feel that there may be some privacy or other misuse issues lurking.

barcode

Responses varied from Manya Shorr of the Sacramento Public Library advocating for use of barcodes without requiring authentication  to Dale McNeill of the Queens Library advocating familiar authentication such as PINs.  

It was obvious that there is no universally accepted standard for securing library user information, yet privacy is a cornerstone of libraries, library ethics, and the library profession.  In fact, a privacy guarantee may be the one thing in the information age that sets libraries apart from other massive information resources.  It may be the singular added value that provides validation of libraries as a public service.

Library records and library use are afforded privacy protection by statute and / or published opinions in the fifty States and the District of Columbia. Many states have enacted Security Breach notification laws and Data Disposal laws that safeguard privacy. Library user privacy is also championed by the American Library Association  Code of Ethics specifically through Article III:  

We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.

These statutes, ethics and opinions can create formidable barriers to unlawful, unwarranted electronic discovery.  However, dramatic changes to the traditional library information environment have led to a general failure of libraries to provide security of library records and transactions and fulfill professional and statutory guarantees of privacy.  As a result of those dramatic changes, library usage represents a massive opportunity for legitimate and illegitimate electronic discovery.

In 2009 the HITECH Act was passed to specifically address privacy of health records in the United States in conjunction with HIPAA.  The process promulgated for securing privacy of health records could be effectively applied to safeguard library records – the technology is the same and the security issues are similar. Libraries and health care providers are both required to safeguard the privacy of user records.  Health care records and library user records are both defined as protected information resources.  But, unlike libraries as a result of HIPAA and HITECH the custodians of health care records must now undergo a risk assessment to identify how breaches of privacy may occur.

Enigma

Enigma Encryption Device

If risk assessments are not being conducted by libraries, how well are Libraries securing user information? Thousands and thousands of library records have been compromised and hacked. Nothing mandates risk assessment of library privacy and information security. Yet, the laws and opinions in all 50 states and DC define library user information as private and protected. 

What is the ongoing risk of exposing library user information? Huge. Three Library systems are reviewed here for the most basic levels of information security for users  - Encryption, Authorization and Authentication and Agency of ownership applied to Library Catalogs and Websites.

library Sacramento Public Library – Sacramento, California

The Sacramento Public Library serves  over 600,000  users with 28 libraries.  According to Manya Shorr, the SACPL also allows use of un-authenticated barcode images on smartphones as an alternative to a library card.

California Statutes :  Security Breach, Data Disposal and Library Records Privacy

Catalogencore © Innovative Interfaces, Inc.

Encryption - The SACPL catalog employs https SSL for user login.  The catalog does not employ https SSL  for non-login searches.

Authorization and Authentication -  User login requires Barcode or User Name AND PIN

Agency - The SACPL  catalog employs third-party Google Analytics to track and store user information - script from SACPL catalog:  

var _gaq = _gaq || [];    _gaq.push(['_setAccount', 'UA-8159966-1']);    _gaq.push(['_trackPageview']);    (function() {      var ga = document.createElement(‘script’); ga.type = ‘text/javascript’; ga.async = true;      ga.src = (‘https:’ == document.location.protocol ? ‘https://ssl&#8217; : ‘http://www&#8217;) + ‘.google-analytics.com/ga.js’;     var s = document.getElementsByTagName(‘script’)[0]; s.parentNode.insertBefore(ga, s);    })(); 

Website – The SACPL Employs Google custom search - an outside agency not under control of SACPL which tracks and stores user information

Sacramento Public Library Risk Assessment -  Fail

Non-login catalog searches appear to be transmitted in the clear. Login catalog use and non-login catalog use is tracked by Google – a third-party not controlled by the SACPL.  Searches of the SACPL website employing Google custom search is third-party data collection not controlled by SACPL.  In addition, risk of in-person identity theft is compounded by reliance on staff to authenticate based on suspicion.  How is reasonable suspicion quantified and qualified with 28 libraries and 600K users?

library Ocean State Libraries – (library consortium)  - Rhode Island

The Ocean State Libraries (OSL) consortium (formerly CLAN) includes 49 public libraries of Rhode Island and over 500,000 user records.  In 2003 a long-term employee of the Warwick Public Library – the home of the Ocean State Libraries offices – was charged with stealing library user identity to obtain credit cards.  Each employee with access to the circulation modules of the consortium is able to access library records and personal information for other users of the integrated library system.  So, at the time when charges were filed all of the patron records for all of the libraries were potentially breached.  Subsequent meetings of the OSL voting membership  – library directors – discussed some of the security concerns of  retaining drivers license numbers and social security numbers within the database.  Some consideration of standardizing security of data was profferred.   Arguments were made that the easiest thing to do was not to require PINs or other authentication and leave data collection and retention as a decision at the local level.

Rhode Island Statutes :  Security Breach, Data Disposal and Library Records Privacy

Catalogencore © Innovative Interfaces, Inc.

Encryption - The OSL catalog uses https SSL to encrypt login to user accounts.  The OSL does not employ encryption for non-login catalog searches – all searches appear to be transmitted in the clear.

Authorization and Authentication - The OSL catalog does not require authentication of user accounts through a PIN – merely knowledge of a simple numeric 14 digit bar code. 

Agency – It is unclear how information is shared with external agents – however, patron data is shared throughout the consortium and is not compartmentalized.

Website – OSL website user information is shared with and tracked utilizing Statcounter.com – a service out of Ireland.

Agency - User information is shared with and tracked utilizing Statcounter.com – a third party service apparently managed out of Ireland.  Statcounter script is rendered as invisible, secreted tracking without informing visitors of its use within the website code – script from OSL website  :

 Start of StatCounter Code –>
<SCRIPT type=text/javascript>
sc_project=1420372;
sc_invisible=1;
sc_partition=11;
sc_security=”7885d9a5″;    . . .

Ocean State Libraries Risk Assessment -  Fail

No authentication of library catalog users – creating high risk of exposing user data. Non-login catalog searches appear to be transmitted in the clear without encryption.  Use of website employing Statcounter.com aggregation of user data is third-party data collection by an agency not controlled by OSL – with servers storing data about user sessions apparently located  in Ireland. Although security of patron records has been breached in the past, compartmentalization of records does not appear to have taken place.

library  The Library Connection – (library constorium) – Connecticut

Janus

Janus

The Library Connection serves  27 public and academic libraries  in the State of Connecticut.  The Library Connection librarians achieved some notoriety within the world of librarianship from their challenge to a National Security Letter and willingness to go to the mat along with the ACLU to defend the privacy of their users against law enforcement  in John Doe v Gonzales.   How does this library system employing librarians willing to secure and protect patron information from law enforcement review face user information security in general?

Connecticut Statutes :  Security Breach, Data Disposal and Library Records Privacy

Catalog - The Library Connection consortium employs the SirsiDynix integrated library system

Encryption - The login connection to the Library Connection catalog does not employ https  SSL.

Authorization and Authentication - A name and PIN or a barcode number and PIN are required for access to library user record.  However, since that information is apparently transmitted in the clear instead of encrypted using https SSL  – identity theft and harvesting of PINs with names and PINs with barcode numbers could be easily accomplished.

Agency - It is unclear how data is shared.  Library Connection privacy policy states

Information on non-Registered Library Users: No information is collected on library users who do not register as patrons. Some member libraries may collect the names of those who wish to use library computers to access the Internet. We encourage these libraries not to retain this information longer than three days.

Website - Immediately upon entering the Library Consortium website, user data is shared with and tracked by Google analytics

The Library Connection Risk Assessment -  Fail

No apparent encryption of library users logins. Non-login catalog searches appear to be transmitted in the clear.  Use of website employing Google analytics  is third-party data collection – an agency not controlled by the Library Connection – which appears contrary to the Library Connection policy on non-registered users.

Risk Assessment Summary -

The ongoing risk  to library user privacy is huge. This brief survey only touches on a few of the many current insecurities of library user information. Insecure user privacy practices represented in this brief risk assessment affect the privacy of over one million library users –  just at these three library systems. The privacy standards outlined by Article III of the ALA Code of Ethics may be comprised for convenience even by large library systems.   The ongoing erosion of user privacy in libraries to faciliate ‘ease of use’ by librarian and patron without regard to standard information security practices and ethics threatens the foundation of libraries as viable professional public services.

Please join us on BestofPublib Facebook

The Publib Archives

The Publib archives from the Webjunction listserve are available here: Archives Please note: HTML is stripped out of archives. Compose in plain text or richtext.

 

Winter Driving

Elisa Babel, MLS

With winter soon to be upon us, I’m reposting the driving tips (with a few additions)  from my post in February 2010A winter wonderland is fun to imagine but not so much if you have to drive in it.

♦  Check your local jurisdiction about street parking during snow emergencies.

♦  If you take public transportation, check on service operations when snow is forecasted.

♦  If you have garage parking at your library or at a public garage, park there on days that snow is forecasted.  It will help to keep you and your car clean and dry.

♦  If you are parking outside, invest in a car cover from an auto store and use it when snow is forecasted.  Scraping ice off your windshield is no fun.

♦   Got that windshield scraper?  Full gas tank? Fully charged cell phone?  Emergency numbers if you get stuck?

♦   Tune into your favorite news station (TV or radio) for traffic reports and updates–conditions can change without warning.

♦   If you’ve got a back windshield wiper, use it!  While driving, snowflakes can accumulate on the back windshield too.

♦   Be aware of “disappearing” lanes and odd traffic patterns.

♦  Keep your distance behind road treatment trucks and other equipment.  They don’t go very fast!

♦  Turn on your headlights!   Daytime headlights won’t cut it.

♦   Stick to the main roads. Your favorite back road or short cut may be too dangerous to travel during a snowstorm.

♦   If your library closes early for snow and/or it’s snowing when you leave, take something to drink and a small snack in your car.  You could be in for a longer drive home than usual.  Same goes for public transportation.

♦  Take your time driving.  You will be going slower than posted speed limits. 

♦ Once you’re safely home, don’t go out unless it’s necessary!

Follow

Get every new post delivered to your Inbox.

Join 177 other followers