Amazon in competition with libraries?

bar

Is Amazon in competition with Libraries or are Libraries in competition with Amazon?

In the Publib post Amazon in competition with libraries?Randall Yelverton of the Washington District Library directed our attention to this Publishers Weekly blog story:

    Funding remains steady in many systems for now, but we will be, and should already be, fighting against perceived irrelevance that will increase as digital subscription services allow people to curate massive personal media and information collections with great ease.
Library Books

Library Books

Book stores, large or small, aren’t analogous to libraries because you pay for every single purchase from a store. Subscription services are far more similar to a library because for a fee, just as you pay taxes to support the library, you can quickly access a media library, and there’s likely not waiting for the must-have title.

To which the Publib chorus responded ~

  • That said, pay-fer services, like that described here or Netflix or even big book stores, are no threat to libraries. They certainly haven’t caused reduced funding for libraries. ~ DARRELL COOK – Richardson (TX) Public Library
  • Publishers are going to be pushing back hard on this. Customers may find that their selection from the Amazon lending library will be pretty meager. Still, we shouldn’t be complacent. : http://www.pcworld.com/article/239859/amazon_kindle_ebook_lending_program_what_it_needs_to_succeed.html  ~ Sharon Foster
  • The fact remains that libraries must evolve. We must change the perception that, once people can easily check out books, audio books, and find information quickly and easily using their smart devices, that libraries will no longer be needed. What will or what are libraries morphing into? What will be our new/revised role in community when it is no longer “reading advisor”? How will City Councils and State Legislatures begin to view us as “essential” and not as a place to begin cutbacks? ~ Beth Carlberg -Lubbock Public Libraries
  • This very topic was the subject of the Infopeople webinar, “Libraries in a Post-Print World,” held yesterday, September 13.   I recognized several PubLibbers’ names among the attendees.  The webinar archive is here:   http://infopeople.org/training/libraries-post-print-world  ~ Nann Hilyard the library in Zion, Illinois

Amazon is a singular corporate entity. Libraries are at best an aggregate of like-minded interests loosely, yet passionately bound together by a system of professional ethics.  Like politics, all Libraries are local.  So, can we really say that Amazon is competing with any individual Library or are Libraries collectively poised to compete with Amazon?

The month of September 2011 marked some major changes in Amazon:

  • On September 21st -  Amazon Kindle kicked into Overdrive – making Kindle Books available at over 11,000 local libraries.
  • On September 26th – Amazon announced its digital licensing agreement with Twentieth Century Fox.
  • On September 28th – Amazon announced the availability of four new Kindle models including:
    • a pocket sized $79 version
    • a Kindle Touch version for $99
    • a Kindle Touch 3G for $149
    • and Kindle Fire for $199 that will play Video, MP3 and offer books

The financial markets responded well to these announcements:  http://www.google.com/finance?client=ob&q=NASDAQ:AMZN#

Each of these announced changes impact the aggregate of Libraries and individual libraries. 

- Amazon Kindle kicked into Overdrive – increases demand for Kindle titles and pressure on collection development budgets: 
  • I know that it takes a bit for new programs to work the glitches out but we have some pretty avid readers who have been waiting and watching for the Kindle app to appear.  I want to make sure I can help them when they appear on our doorstep. ~ Jan Cole – Duncan Public Library
  • Would anyone be willing to share the percentage of your annual materials budget that you allocate for e-books, or just the amount you budget for
    e-books? What is your population? – Diane Greenwald -Warwick Public Library (Ocean State Libraries)
His and Her Kindles

His and Her Kindles

As a proud owner of His and Her Kindles, I reviewed the Ocean State Libraries
 consortium offerings for Kindle.  The number of titles currently available for the 600,000+ card holders is: 4,046.  There is essentially no depth to the collection at this time nor any real value in searching it.  In contrast - using the no-contract free 3G access built into the Kindles, I can browse and sample over 1 million titles.

- The deal with Twentieth Century Fox means additional video titles are now available for Amazon to stream to all sorts of device – providing an on-demand library of over 100,000 titles. 

How many libraries can say they are able to provide the equivalent access?

-The new price point for Kindles – as low as $79 dollars with WiFi or $149 with free 3G means many, many more people will be able to afford Kindles. 

Amazon Prime is $79 a year. So, for a total investment of about $150, you have WiFi, and thousand of books and videos available – represent a big price drop from just a few months ago. And, the new Kindle Fire may potentially become the dominant streaming media device.

Publib contributors are not without ethical concerns over these changes  -

  • … that kind of seamless integration across your Amazon account has interesting (i.e. potentially alarming) implications about just how much Amazon is keeping track of its customers’ relationships with their public libraries. I’m not sure what I think about that yet. Does anyone have a read
    on that yet? ~ Will Porter – Dennis Memorial Library
  • … but I did note yesterday that your library books are listed in your Kindle account information, just like books you purchase, and can be sent to any device you own from there. Several of our patrons have already commented on the service on our FB page – one or two even praised how easy it is, so that’s a nice change… ;) ~ Robin Hastings – Missouri River Regional Library
  • So they’re definitely paying attention to what patrons are checking out and using that information for marketing. I wouldn’t be too surprised if they shared that information with others. Part of me wants to make a big point of letting patrons know that their Kindle checkouts aren’t anonymous, but I don’t really know that patrons care about that as much as I do. I know that while my librarian self finds it worrying my patron/customer self just doesn’t care.   ~ Andrew Fuerste-Henry Dubuque, IA

 But is Amazon competing with Libraries or are Libraries competing with Amazon?

 
bar

Please join us on BestofPublib Facebook

The Publib Archives

The Publib archives from the Webjunction listserve are available here: Archives

Please note: HTML is stripped out of archives. Compose in plaintext or richtext.

bar

Library Security and Insecurity : Sacramento Public Library , Ocean State Libraries and The Library Connection

Library Security and Insecurity  – A Brief Risk Assessment

~ Robert L. Balliot, MLIS

Anne Frontino of the Haddonfield Public Library in New Jersey queried the PubLib Listserve about  privacy and possible misuse of library barcodes on smartphones remarking:

Our library is considering allowing patrons to use barcodes scanned onto their smart phones to check out books.  …    We have only had a few instances of patrons trying this method of checking out items, but we feel that there may be some privacy or other misuse issues lurking.

barcode

Responses varied from Manya Shorr of the Sacramento Public Library advocating for use of barcodes without requiring authentication  to Dale McNeill of the Queens Library advocating familiar authentication such as PINs.  

It was obvious that there is no universally accepted standard for securing library user information, yet privacy is a cornerstone of libraries, library ethics, and the library profession.  In fact, a privacy guarantee may be the one thing in the information age that sets libraries apart from other massive information resources.  It may be the singular added value that provides validation of libraries as a public service.

Library records and library use are afforded privacy protection by statute and / or published opinions in the fifty States and the District of Columbia. Many states have enacted Security Breach notification laws and Data Disposal laws that safeguard privacy. Library user privacy is also championed by the American Library Association  Code of Ethics specifically through Article III:  

We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.

These statutes, ethics and opinions can create formidable barriers to unlawful, unwarranted electronic discovery.  However, dramatic changes to the traditional library information environment have led to a general failure of libraries to provide security of library records and transactions and fulfill professional and statutory guarantees of privacy.  As a result of those dramatic changes, library usage represents a massive opportunity for legitimate and illegitimate electronic discovery.

In 2009 the HITECH Act was passed to specifically address privacy of health records in the United States in conjunction with HIPAA.  The process promulgated for securing privacy of health records could be effectively applied to safeguard library records – the technology is the same and the security issues are similar. Libraries and health care providers are both required to safeguard the privacy of user records.  Health care records and library user records are both defined as protected information resources.  But, unlike libraries as a result of HIPAA and HITECH the custodians of health care records must now undergo a risk assessment to identify how breaches of privacy may occur.

Enigma

Enigma Encryption Device

If risk assessments are not being conducted by libraries, how well are Libraries securing user information? Thousands and thousands of library records have been compromised and hacked. Nothing mandates risk assessment of library privacy and information security. Yet, the laws and opinions in all 50 states and DC define library user information as private and protected. 

What is the ongoing risk of exposing library user information? Huge. Three Library systems are reviewed here for the most basic levels of information security for users  - Encryption, Authorization and Authentication and Agency of ownership applied to Library Catalogs and Websites.

library Sacramento Public Library – Sacramento, California

The Sacramento Public Library serves  over 600,000  users with 28 libraries.  According to Manya Shorr, the SACPL also allows use of un-authenticated barcode images on smartphones as an alternative to a library card.

California Statutes :  Security Breach, Data Disposal and Library Records Privacy

Catalogencore © Innovative Interfaces, Inc.

Encryption - The SACPL catalog employs https SSL for user login.  The catalog does not employ https SSL  for non-login searches.

Authorization and Authentication -  User login requires Barcode or User Name AND PIN

Agency - The SACPL  catalog employs third-party Google Analytics to track and store user information - script from SACPL catalog:  

var _gaq = _gaq || [];    _gaq.push(['_setAccount', 'UA-8159966-1']);    _gaq.push(['_trackPageview']);    (function() {      var ga = document.createElement(‘script’); ga.type = ‘text/javascript’; ga.async = true;      ga.src = (‘https:’ == document.location.protocol ? ‘https://ssl’ : ‘http://www’) + ‘.google-analytics.com/ga.js’;     var s = document.getElementsByTagName(‘script’)[0]; s.parentNode.insertBefore(ga, s);    })(); 

Website – The SACPL Employs Google custom search - an outside agency not under control of SACPL which tracks and stores user information

Sacramento Public Library Risk Assessment -  Fail

Non-login catalog searches appear to be transmitted in the clear. Login catalog use and non-login catalog use is tracked by Google – a third-party not controlled by the SACPL.  Searches of the SACPL website employing Google custom search is third-party data collection not controlled by SACPL.  In addition, risk of in-person identity theft is compounded by reliance on staff to authenticate based on suspicion.  How is reasonable suspicion quantified and qualified with 28 libraries and 600K users?

library Ocean State Libraries – (library consortium)  - Rhode Island

The Ocean State Libraries (OSL) consortium (formerly CLAN) includes 49 public libraries of Rhode Island and over 500,000 user records.  In 2003 a long-term employee of the Warwick Public Library – the home of the Ocean State Libraries offices – was charged with stealing library user identity to obtain credit cards.  Each employee with access to the circulation modules of the consortium is able to access library records and personal information for other users of the integrated library system.  So, at the time when charges were filed all of the patron records for all of the libraries were potentially breached.  Subsequent meetings of the OSL voting membership  – library directors – discussed some of the security concerns of  retaining drivers license numbers and social security numbers within the database.  Some consideration of standardizing security of data was profferred.   Arguments were made that the easiest thing to do was not to require PINs or other authentication and leave data collection and retention as a decision at the local level.

Rhode Island Statutes :  Security Breach, Data Disposal and Library Records Privacy

Catalogencore © Innovative Interfaces, Inc.

Encryption - The OSL catalog uses https SSL to encrypt login to user accounts.  The OSL does not employ encryption for non-login catalog searches – all searches appear to be transmitted in the clear.

Authorization and Authentication - The OSL catalog does not require authentication of user accounts through a PIN – merely knowledge of a simple numeric 14 digit bar code. 

Agency – It is unclear how information is shared with external agents – however, patron data is shared throughout the consortium and is not compartmentalized.

Website – OSL website user information is shared with and tracked utilizing Statcounter.com – a service out of Ireland.

Agency - User information is shared with and tracked utilizing Statcounter.com – a third party service apparently managed out of Ireland.  Statcounter script is rendered as invisible, secreted tracking without informing visitors of its use within the website code – script from OSL website  :

 Start of StatCounter Code –>
<SCRIPT type=text/javascript>
sc_project=1420372;
sc_invisible=1;
sc_partition=11;
sc_security=”7885d9a5″;    . . .

Ocean State Libraries Risk Assessment -  Fail

No authentication of library catalog users – creating high risk of exposing user data. Non-login catalog searches appear to be transmitted in the clear without encryption.  Use of website employing Statcounter.com aggregation of user data is third-party data collection by an agency not controlled by OSL – with servers storing data about user sessions apparently located  in Ireland. Although security of patron records has been breached in the past, compartmentalization of records does not appear to have taken place.

library  The Library Connection – (library constorium) – Connecticut

Janus

Janus

The Library Connection serves  27 public and academic libraries  in the State of Connecticut.  The Library Connection librarians achieved some notoriety within the world of librarianship from their challenge to a National Security Letter and willingness to go to the mat along with the ACLU to defend the privacy of their users against law enforcement  in John Doe v Gonzales.   How does this library system employing librarians willing to secure and protect patron information from law enforcement review face user information security in general?

Connecticut Statutes :  Security Breach, Data Disposal and Library Records Privacy

Catalog - The Library Connection consortium employs the SirsiDynix integrated library system

Encryption - The login connection to the Library Connection catalog does not employ https  SSL.

Authorization and Authentication - A name and PIN or a barcode number and PIN are required for access to library user record.  However, since that information is apparently transmitted in the clear instead of encrypted using https SSL  – identity theft and harvesting of PINs with names and PINs with barcode numbers could be easily accomplished.

Agency - It is unclear how data is shared.  Library Connection privacy policy states

Information on non-Registered Library Users: No information is collected on library users who do not register as patrons. Some member libraries may collect the names of those who wish to use library computers to access the Internet. We encourage these libraries not to retain this information longer than three days.

Website - Immediately upon entering the Library Consortium website, user data is shared with and tracked by Google analytics

The Library Connection Risk Assessment -  Fail

No apparent encryption of library users logins. Non-login catalog searches appear to be transmitted in the clear.  Use of website employing Google analytics  is third-party data collection – an agency not controlled by the Library Connection – which appears contrary to the Library Connection policy on non-registered users.

Risk Assessment Summary -

The ongoing risk  to library user privacy is huge. This brief survey only touches on a few of the many current insecurities of library user information. Insecure user privacy practices represented in this brief risk assessment affect the privacy of over one million library users –  just at these three library systems. The privacy standards outlined by Article III of the ALA Code of Ethics may be comprised for convenience even by large library systems.   The ongoing erosion of user privacy in libraries to faciliate ‘ease of use’ by librarian and patron without regard to standard information security practices and ethics threatens the foundation of libraries as viable professional public services.

Please join us on BestofPublib Facebook

The Publib Archives

The Publib archives from the Webjunction listserve are available here: Archives Please note: HTML is stripped out of archives. Compose in plain text or richtext.

 

Follow

Get every new post delivered to your Inbox.

Join 177 other followers