Publib Topics – A Graphic Retrospective – May 2011

Beware Graphic Content Ahead!

 
 This graphic image  or word cloud was created using Wordle. It is derived from the subjects and authors of postings in PubLib for May 2011. The size of the graphics is directly related to the number of un-weighted unique occurrences each month of the individual words represented. Most automated graphic processes that generate these types of word clouds use additional weight for H1 – H6 tags through feeds. These graphics are not processed with H1 – H6 tags. The titles and authors were copied to Notepad and stripped of all HTML before being run through the Wordle Java platform. The process is case-sensitive so Library is not the same thing as library.
 
The most prominent word without employing filters would have been Publib. Publib and Fwd were deleted from the plaintext files before processing. In addition, the Wordle program automatically disregards articles, conjunctions, and prepositions.
 
This  month featured a lively Rapture discussion
 
Publib Topics May 2011


Please join us on BestofPublib Facebook

The Publib Archives

The Publib archives from the Webjunction listserve are available here: Archives

Archives compiled after Dec. 7, 2011 are available here: Archives


Publib Topics – A Graphic Retrospective – April 2011

Beware Graphic Content Ahead!

 
This graphic image  or word cloud was created using Wordle. It is derived from the subjects and authors of postings in PubLib for April 2011. The size of the graphics is directly related to the number of un-weighted unique occurrences each month of the individual words represented. Most automated graphic processes that generate these types of word clouds use additional weight for H1 – H6 tags through feeds. These graphics are not processed with H1 – H6 tags. The titles and authors were copied to Notepad and stripped of all HTML before being run through the Wordle Java platform. The process is case-sensitive so Library is not the same thing as library.
 
The most prominent word without employing filters would have been Publib. Publib and Fwd were deleted from the plaintext files before processing. In addition, the Wordle program automatically disregards articles, conjunctions, and prepositions.
 
Publib Topics April 2011


Publib Topics – A Graphic Retrospective – February 2011

Beware Graphic Content Ahead!

 
This graphic image  or word cloud was created using Wordle. It is derived from the subjects and authors of postings in PubLib for February 2011. The size of the graphics is directly related to the number of un-weighted unique occurrences each month of the individual words represented. Most automated graphic processes that generate these types of word clouds use additional weight for H1 – H6 tags through feeds. These graphics are not processed with H1 – H6 tags. The titles and authors were copied to Notepad and stripped of all HTML before being run through the Wordle Java platform. The process is case-sensitive so Library is not the same thing as library.
 
The most prominent word without employing filters would have been Publib. Publib and Fwd were deleted from the plaintext files before processing. In addition, the Wordle program automatically disregards articles, conjunctions, and prepositions.
 
Publib February 2011


Publib Topics – A Graphic Retrospective – January 2011

Beware Graphic Content Ahead!

This graphic image or word cloud was created using Wordle. It is derived from the subjects and authors of  postings in PubLib for January 2011.  The size of the graphics is directly related to the number of un-weighted unique occurrences each month of the individual words represented.    Most automated graphic processes that generate these types of word clouds use additional weight for H1 – H6 tags through feeds.  These graphics are not processed with H1 – H6 tags. The titles and authors were copied to Notepad and stripped of all HTML before being run through the Wordle Java platform. The process is case-sensitive so Library is not the same thing as library.

 
The most prominent word without employing filters would have been Publib. Publib and Fwd were deleted from the plaintext files before processing. In addition, the Wordle program automatically disregards articles, conjunctions, and prepositions.
 
Publib Word Cloud January 2011

Publib January 2011


Library Security and Insecurity: Sacramento Public Library, Ocean State Libraries and The Library Connection

Library Security and Insecurity  – A Brief Risk Assessment

~ Robert L. Balliot, MLIS

Anne Frontino of the Haddonfield Public Library in New Jersey queried the PubLib Listserve about privacy and possible misuse of library barcodes on smartphones, remarking:

Our library is considering allowing patrons to use barcodes scanned onto their smart phones to check out books.  …    We have only had a few instances of patrons trying this method of checking out items, but we feel that there may be some privacy or other misuse issues lurking.


Responses varied from Manya Shorr of the Sacramento Public Library advocating for use of barcodes without requiring authentication  to Dale McNeill of the Queens Library advocating familiar authentication such as PINs.  

It was obvious that there is no universally accepted standard for securing library user information, yet privacy is a cornerstone of libraries, library ethics, and the library profession.  In fact, a privacy guarantee may be the one thing in the information age that sets libraries apart from other massive information resources.  It may be the singular added value that provides validation of libraries as a public service.

Library records and library use are afforded privacy protection by statute and / or published opinions in the fifty States and the District of Columbia. Many states have enacted Security Breach notification laws and Data Disposal laws that safeguard privacy. Library user privacy is also championed by the American Library Association  Code of Ethics specifically through Article III:  

We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.

These statutes, ethics and opinions can create formidable barriers to unlawful, unwarranted electronic discovery.  However, dramatic changes to the traditional library information environment have led to a general failure of libraries to provide security of library records and transactions and fulfill professional and statutory guarantees of privacy.  As a result of those dramatic changes, library usage represents a massive opportunity for legitimate and illegitimate electronic discovery.

In 2009, the HITECH Act was passed to specifically address privacy of health records in the United States in conjunction with HIPAA. The process promulgated for securing privacy of health records could be effectively applied to safeguard library records – the technology is the same and the security issues are similar. Libraries and health care providers are both required to safeguard the privacy of user records. Health care records and library user records are both defined as protected information resources. But unlike libraries, the custodians of health care records must now, as a result of HIPAA and HITECH, undergo a risk assessment to identify how breaches of privacy may occur.

Enigma Encryption Device

If risk assessments are not being conducted by libraries, how well are Libraries securing user information? Thousands and thousands of library records have been compromised and hacked. Nothing mandates risk assessment of library privacy and information security. Yet, the laws and opinions in all 50 states and DC define library user information as private and protected. 

What is the ongoing risk of exposing library user information? Huge. Three Library systems are reviewed here for the most basic levels of information security for users  – Encryption, Authorization and Authentication and Agency of ownership applied to Library Catalogs and Websites.

Sacramento Public Library – Sacramento, California

The Sacramento Public Library serves  over 600,000  users with 28 libraries.  According to Manya Shorr, the SACPL also allows use of un-authenticated barcode images on smartphones as an alternative to a library card.

California Statutes :  Security Breach, Data Disposal and Library Records Privacy

Catalog – encore © Innovative Interfaces, Inc.

Encryption – The SACPL catalog employs https SSL for user login.  The catalog does not employ https SSL  for non-login searches.

Authorization and Authentication –  User login requires Barcode or User Name AND PIN

Agency – The SACPL  catalog employs third-party Google Analytics to track and store user information – script from SACPL catalog:  

var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-8159966-1']);
_gaq.push(['_trackPageview']);
(function() {
  // Inject ga.js asynchronously, using the host that matches the page's scheme
  var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
  ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
  var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

Website – The SACPL Employs Google custom search – an outside agency not under control of SACPL which tracks and stores user information

Sacramento Public Library Risk Assessment –  Fail

Non-login catalog searches appear to be transmitted in the clear. Login catalog use and non-login catalog use are tracked by Google – a third party not controlled by the SACPL. Searches of the SACPL website employing Google custom search involve third-party data collection not controlled by SACPL. In addition, risk of in-person identity theft is compounded by reliance on staff to authenticate based on suspicion. How is reasonable suspicion quantified and qualified with 28 libraries and 600K users?

Ocean State Libraries – (library consortium) – Rhode Island

The Ocean State Libraries (OSL) consortium (formerly CLAN) includes 49 public libraries of Rhode Island and over 500,000 user records. In 2003 a long-term employee of the Warwick Public Library – the home of the Ocean State Libraries offices – was charged with stealing library user identity to obtain credit cards. Each employee with access to the circulation modules of the consortium is able to access library records and personal information for other users of the integrated library system. So, at the time when charges were filed, all of the patron records for all of the libraries were potentially breached. Subsequent meetings of the OSL voting membership – library directors – discussed some of the security concerns of retaining driver's license numbers and social security numbers within the database. Some consideration of standardizing security of data was proffered. Arguments were made that the easiest thing to do was not to require PINs or other authentication and leave data collection and retention as a decision at the local level.

Rhode Island Statutes :  Security Breach, Data Disposal and Library Records Privacy

Catalog –  encore © Innovative Interfaces, Inc.

Encryption – The OSL catalog uses https SSL to encrypt login to user accounts.  The OSL does not employ encryption for non-login catalog searches – all searches appear to be transmitted in the clear.

Authorization and Authentication – The OSL catalog does not require authentication of user accounts through a PIN – merely knowledge of a simple numeric 14 digit bar code. 

Agency – It is unclear how information is shared with external agents – however, patron data is shared throughout the consortium and is not compartmentalized.

Website – OSL website user information is shared with and tracked utilizing Statcounter.com – a service out of Ireland.

Agency - User information is shared with and tracked utilizing Statcounter.com – a third party service apparently managed out of Ireland.  Statcounter script is rendered as invisible, secreted tracking without informing visitors of its use within the website code – script from OSL website  :

<!-- Start of StatCounter Code -->
<SCRIPT type=text/javascript>
sc_project=1420372;
sc_invisible=1;
sc_partition=11;
sc_security="7885d9a5";    . . .

Ocean State Libraries Risk Assessment –  Fail

No authentication of library catalog users – creating high risk of exposing user data. Non-login catalog searches appear to be transmitted in the clear without encryption.  Use of website employing Statcounter.com aggregation of user data is third-party data collection by an agency not controlled by OSL – with servers storing data about user sessions apparently located  in Ireland. Although security of patron records has been breached in the past, compartmentalization of records does not appear to have taken place.

The Library Connection – (library consortium) – Connecticut

Janus

The Library Connection serves 27 public and academic libraries in the State of Connecticut. The Library Connection librarians achieved some notoriety within the world of librarianship from their challenge to a National Security Letter and willingness to go to the mat along with the ACLU to defend the privacy of their users against law enforcement in John Doe v Gonzales. How does this library system, employing librarians willing to secure and protect patron information from law enforcement, fare in a review of user information security in general?

Connecticut Statutes :  Security Breach, Data Disposal and Library Records Privacy

Catalog - The Library Connection consortium employs the SirsiDynix integrated library system

Encryption - The login connection to the Library Connection catalog does not employ https  SSL.

Authorization and Authentication – A name and PIN or a barcode number and PIN are required for access to library user record.  However, since that information is apparently transmitted in the clear instead of encrypted using https SSL  – identity theft and harvesting of PINs with names and PINs with barcode numbers could be easily accomplished.

Agency - It is unclear how data is shared.  Library Connection privacy policy states

Information on non-Registered Library Users: No information is collected on library users who do not register as patrons. Some member libraries may collect the names of those who wish to use library computers to access the Internet. We encourage these libraries not to retain this information longer than three days.

Website - Immediately upon entering the Library Consortium website, user data is shared with and tracked by Google analytics

The Library Connection Risk Assessment –  Fail

No apparent encryption of library users logins. Non-login catalog searches appear to be transmitted in the clear.  Use of website employing Google analytics  is third-party data collection – an agency not controlled by the Library Connection – which appears contrary to the Library Connection policy on non-registered users.
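The Encryption and Agency findings in the three assessments above can be reproduced from a saved copy of a catalog page. The following is an added example, not code from the article or from any library vendor: it parses HTML offline and reports secret-bearing forms that are not protected by https, third-party script hosts, and the inline Google Analytics and StatCounter markers quoted earlier. The hosts, the field names (`barcode`, `pin`) and the placeholder tracker identifiers are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Inline markers from the two snippets quoted in the article. They are needed
# because ga.js is injected at run time, so no <script src> names Google.
INLINE_MARKERS = {
    "google-analytics": re.compile(r"_gaq\.push\(\s*\[\s*['\"]_setAccount['\"]"),
    "statcounter": re.compile(r"\bsc_project\s*="),
    "statcounter-invisible": re.compile(r"\bsc_invisible\s*=\s*1\b"),
}
# Assumed names for the secret half of a login form; adjust per catalog.
SECRET_NAMES = {"pin", "password", "passwd", "pwd"}

class PageAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.third_party_hosts = set()
        self.inline_trackers = set()
        self.cleartext_logins = []
        self._action = None      # resolved action of the form being parsed
        self._secret = False     # does that form carry a PIN or password?
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = True
            host = urlparse(urljoin(self.page_url, a.get("src") or "")).hostname
            if a.get("src") and host != urlparse(self.page_url).hostname:
                self.third_party_hosts.add(host)
        elif tag == "form":
            self._action = urljoin(self.page_url, a.get("action") or "")
            self._secret = False
        elif tag == "input" and self._action is not None:
            if (a.get("type") or "").lower() == "password" \
                    or (a.get("name") or "").lower() in SECRET_NAMES:
                self._secret = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
        elif tag == "form" and self._action is not None:
            # Exposed if the secret is posted over http, or if the form itself
            # arrived over http and could have been altered in transit.
            schemes = {urlparse(self._action).scheme, urlparse(self.page_url).scheme}
            if self._secret and schemes != {"https"}:
                self.cleartext_logins.append(self._action)
            self._action = None

    def handle_data(self, data):
        if self._in_script:
            self.inline_trackers.update(
                k for k, pat in INLINE_MARKERS.items() if pat.search(data))

def audit(page_url, html):
    """Return findings for the article's Encryption and Agency criteria."""
    p = PageAudit(page_url)
    p.feed(html)
    p.close()
    return {
        "page_encrypted": urlparse(page_url).scheme == "https",
        "cleartext_logins": p.cleartext_logins,
        "third_party_hosts": sorted(p.third_party_hosts),
        "inline_trackers": sorted(p.inline_trackers),
    }

# Constructed sample pages; hosts and identifiers are placeholders.
WEAK_URL, GOOD_URL = "http://catalog.example.org/search", "https://catalog.example.org/search"
GOOD_HTML = """<form action="/patroninfo" method="post">
  <input name="barcode"><input name="pin" type="password"></form>
<script src="/js/catalog.js"></script>"""
WEAK_HTML = GOOD_HTML + """
<script src="https://stats.example.net/counter.js"></script>
<script>var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-XXXXXXX-X']);</script>
<script>sc_project=0000000; sc_invisible=1;</script>"""
```

Calling `audit(WEAK_URL, WEAK_HTML)` and `audit(GOOD_URL, GOOD_HTML)` shows the same markup passing or failing depending only on the scheme it is served over and the scripts it loads.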

Risk Assessment Summary -

The ongoing risk to library user privacy is huge. This brief survey only touches on a few of the many current insecurities of library user information. Insecure user privacy practices represented in this brief risk assessment affect the privacy of over one million library users – just at these three library systems. The privacy standards outlined by Article III of the ALA Code of Ethics may be compromised for convenience even by large library systems. The ongoing erosion of user privacy in libraries to facilitate ‘ease of use’ by librarian and patron without regard to standard information security practices and ethics threatens the foundation of libraries as viable professional public services.

Please join us on BestofPublib Facebook

The Publib Archives

The Publib archives from the Webjunction listserve are available here: Archives Please note: HTML is stripped out of archives. Compose in plain text or richtext.

 

Tea Parties and Terabytes : the Digital Library Revolution


Tea Party

A few months ago on Publib , I entertained the idea of replacing a brick and mortar library with electronic book readers and subscriptions.

Our local free library had spent about $8,000,000 on a library renovation / reconstruction employing grants, local taxes, donations and state funds.  Notably, it had started out being about a 4 million dollar project.   What would 8 million dollars along with yearly operating funds  purchase now?  Could the needs of library users be met with electronic book readers and subscriptions?  Could accessibility be expanded?  

Asking those questions met with sharp disapproval from the librarian in Rhode Island who had overseen the project. She characterized me as a tea bagger – (derogatory slang meaning Tea Party member) for daring to bring up the idea.   At least I think that was what she meant.  The Urban Dictionary has some other definitions that are not very nice.

I'm late !

Why would entertaining a simple idea of how  8 million dollars could have been spent create such a visceral reaction? Public libraries represent the most efficient aspect of local government.  Hardly any library system is a  beneficiary of public largess.  The entire loosely affiliated public library system in the United States is efficient because of internalized ethics, highly trained personnel and sharing.  Sharing resources means everyone benefits.  Sharing is something other public services have never done as well as public libraries. Are public libraries in such precarious shape that civil discourse threatens libraries as the bastions of civil discourse?  Is time running out? Are we too late?

Imagine no brick and mortar library exists.  What sort of digital book access could an initial 8 million dollar investment and a yearly operating  budget of $480,000  afford?  …

$8,000,000  could buy:

Amazon Kindle: 57,553 units at $139 each (retail), or
Sony eBook Reader: 62,015 units at $129 each (retail), or
Barnes & Noble Nook: 53,691 units at $149 each (retail)

 A $480,000 operating budget could purchase:

Lots of electronic books. The cost of many titles through Amazon’s Kindle program is $9.99 or less. So, yearly new ebook accession could be greater than or equal to 48,000 titles. That seems like a fairly small collection to support sixty thousand ebook readers

The 60,000 ebook readers could also be shared within households. With  2.59 people on average per household – 155,400 people would be sharing only 48,000 titles.  That is less than 1/3 of a book simultaneously available to all readers at once during the first year.

But wait, there’s more, terabytes more:

Amazon also provides Kindle Popular Classics with almost instantaneous free access to over 15,000 books.

Project Gutenberg provides Free eBooks with over 33,000  titles.

The Internet Archive provides free access to massive collections .

The Google Books project also provides free access to terabytes of text and images and is partnering with major libraries around the world.

Digital collections such as the Perseus Project   and Lincolniana at Brown offer a vast wealth of specialized subject matter.

The United States Government along with State and Local Governments are providing more and more public information in digital format.

So, what does that mean?

60,000 households could each have immediate access to hundreds of thousands of free books and articles and increasing access to new books and articles.

But what about catalogs and reader services?  Doesn’t everyone need catalog help? These collections are HUGE!

The Library of Congress is the largest library in the United States.  The Library of Congress Catalog is massive and serves as the expert resource for copyright.  The Librarians who staff the Library of Congress are some of the most highly compensated in the US. 

Which catalog is intuitively better?

Library of Congress Catalog search:

Here is the output in basic search for the word balliot:   http://bit.ly/fCXAnh

Select item 2 –  CONVAL Report:  http://bit.ly/ijNORk

Using the same search strategy in Google Books:

Here is the output in basic search for the word balliot:    http://bit.ly/faHnAT

Select item 1 – CONVAL Report:  http://bit.ly/gUPu1v

It is even intuitively easier to search within  Library of Congress collections using Google Books full text.  LC requires a copy submitted to them when they formally copyright.  

Full- text of the Copyright Catalog available within Google and not within the LC catalog:  http://bit.ly/gzJf7S  provides reference pointers to LC’s collection.

The HELIN  Library Catalog employs  III encore software and includes: Brown University, Bryant University, Community College of Rhode Island, Dominican House of Studies, Hospital Libraries of Rhode Island, Johnson & Wales University, Providence College, Rhode Island College, Roger Williams University, Salve Regina University, University of Rhode Island, and Wheaton College holdings.

Which catalog is more helpful? 

Here is  HELIN‘s output searching for the phrase Windows Forensic Analysis DVD Toolkit, Second Edition:   http://bit.ly/g8mOa0

Here is Amazon‘s output searching for the phrase Windows Forensic Analysis DVD Toolkit, Second Edition: http://amzn.to/gBpxkZ

Encore tells us that we should use other words and check our spelling. It offers no leads to additional material. Amazon provided the book, the electronic version, reviews, shots of inside pages and related works. Some library catalogs integrate similar features in the user interface, but they are not leading the way. They are merely following the examples of successful for-profit library catalogs that only recently began to market books.

The Digital Library Revolution

$8,000,000 in construction expenditures and a $480,000 yearly budget represent the real-world costs of operating a public library in a community with about 22,000 residents and a fairly small collection. Using the revolutionary digital library model presented here, the same funds would support 155,400 people in 60,000 households while providing instant access to terabytes of digitized collections.
 
The digital library revolution is a radical departure from the way that library materials are contained, published and distributed. Instead of allowing public libraries to disappear from the conversation,  civil discourse should continue that includes public libraries as significant partners and facilitators in the evolution of this digital library revolution.  It is not too late.
 

 “But I don’t want to go among mad people,” Alice remarked.
“Oh, you can’t help that,” said the Cat: “we’re all mad here. I’m mad. You’re mad.”
“How do you know I’m mad?” said Alice.
“You must be,” said the Cat, “or you wouldn’t have come here.” ~ Lewis Carroll


Publib Topics – A Graphic Retrospective from January 2011 back to January 2010

Beware Graphic Content Ahead!

These graphic images or word clouds were created using Wordle. They are derived from the subjects and authors in PubLib from January 2010 to January 27 2011.  The size of the graphics is directly related to the number of un-weighted unique occurrences each month of the individual words represented.    Most automated graphic processes that generate these types of word clouds use additional weight for H1 – H6 tags through feeds.  These graphics are not processed with H1 – H6 tags. The titles and authors were copied to Notepad and stripped of all HTML before being run through the Wordle Java platform. The process is case-sensitive so Library is not the same thing as library.
The most prominent word without employing filters would have been Publib. Publib and Fwd were deleted from the plaintext files before processing. In addition, the Wordle program automatically disregards articles, conjunctions, and prepositions.
 
The first graphic represents the most current information for January 2011 and is followed by the normal sequence of January – December 2010.  
2011 appears somewhat ominous! 
January 2011 PubLib

PubLib January 2010

PubLib February 2010

PubLib March 2010

PubLib April 2010

PubLib May 2010

PubLib June 2010

 

PubLib July 2010

 

PubLib August 2010

PubLib September 2010

PubLib October 2010

PubLib November 2010

PubLib December 2010
