Here is a partial list of various ways I can think of to expose information about library patrons and their search and reading history by use (and misuse) of software used or recommended by libraries.
- Send a patron’s ebook reading history to a commercial website…
- … in the clear, for anybody to intercept.
- Send patron information to a third party…
- … that does not have an adequate privacy policy.
- … that has an adequate privacy policy but does not implement it well.
- … that is sufficiently remote that libraries lack any leverage to punish it for egregious mishandling of patron data.
- Use an unencrypted protocol to enable a third-party service provider to authenticate patrons or look them up…
- … such as SIP2.
- … such as SIP2, with the patron information response message configured to include full contact information for the patron.
- … or many configurations of NCIP.
- … or web services accessible over HTTP (as opposed to HTTPS).
- Store patron PINs and passwords without encryption…
- … or using weak hashing.
- Store the patron’s Social Security Number in the ILS patron record.
- Don’t require HTTPS for a patron to access her account with the library…
- … or if you do, don’t keep up to date with the various SSL and TLS flaws announced over the years.
- Make session cookies used by your ILS or discovery layer easy to snoop.
- Use HTTP at all in your ILS or discovery layer – as oddly enough, many patrons will borrow the items that they search for.
- Send an unencrypted email…
- … containing a patron’s checkouts today (i.e., an email checkout receipt).
- … reminding a patron of his overdue books – and listing them.
- … listing the titles of the patron’s available hold requests.
- Don’t encrypt connections between an ILS client program and its application server.
- Don’t encrypt connections between an ILS application server and its database server.
- Don’t notice that a rootkit has been running on your ILS server for the past six months.
- Don’t notice that a keylogger has been running on one of your circulation PCs for the past three months.
- Fail to keep up with installing operating system security patches.
- Use the same password for the circulator account used by twenty circulation staff (and 50 former circulation staff) – and never change it.
- Don’t encrypt your backups.
- Don’t use the feature in your ILS to enable severing the link between the record of a past loan and the specific patron who took the item out…
- … sever the links, but retain database backups for months or years.
- Don’t give your patrons the ability to opt out of keeping track of their past loans.
- Don’t give your patrons the ability to opt in to keeping track of their past loans.
- Don’t give the patron any control or ability to completely sever the link between her record and her past circulation history whenever she chooses to.
- When a patron calls up asking “what books do I have checked out?” … answer the question without verifying that the patron is actually who she says she is.
- When a parent calls up asking “what books does my teenager have checked out?”… answer the question.
- Set up your ILS to print out hold slips… that include the full name of the patron. For bonus points, do this while maintaining an open holds shelf.
- Don’t shred any circulation receipts that patrons leave behind.
- Don’t train your non-MLS staff on the importance of keeping patron information confidential.
- Don’t give your MLS staff refreshers on professional ethics.
- Don’t shut down library staff gossiping about a patron’s reading preferences.
- Don’t immediately sack a library staff member caught misusing confidential patron information.
- Have your ILS or discovery interface hosted by a service provider that makes one or more of the mistakes listed above.
- Join a committee writing a technical standard for library software… and don’t insist that it take patron privacy into account.
Do you have any additions to the list? Please let me know!
Of course, I am not actually advocating disclosing confidential information. Stay tuned for a follow-up post.
Tips and tricks for leaking patron information by Galen Charlton is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.