Building Anonymous-Friendly Computer Libraries?

H310iSe writes "Listening to NPR today and caught a story on All Things Considered about how the FBI has demanded information on borrowing and browsing habits, including computer seizures, from 85 libraries since Sept. 11 (utilizing their new-found powers from the PATRIOT act). Similar stories (which don't require RealAudio) are here and here. The American Librarian Association is providing information for librarians to help deal with this, and it seems heavily tilted towards supporting individuals' rights to privacy. It seems like the Slashdot crowd could come up with a great library computer setup that would protect anonymity (I'm thinking about things like creating a RAM disk and loading the OS onto it). How about ways to enable people to borrow books anonymously without opening the door to large-scale theft? I bet if we offered a packaged, free, easy to install Safe Browsing computer or Anonymous Checkout program, libraries across the U.S. would enthusiastically embrace it." According to the articles, these checks can be made for any reason, not just for suspected terrorism. It seems that if the American people are going to protect their rights, they are going to have to do so actively. Is the idea presented above, feasible? How would you improve upon it?

interesting...

[graznar]

hmm i agree that the users rights should be protected. but maybe the RAM disk is a little bit of over kill. i think potentially it could be solved at a software level rather than having to reload the OS into a new location. theoretically, browsing habits can be covered easily at the software level with many programs available on the internet. i sure wish the CoDC would come up with something for this. :)

Just purge records

[BenCaxton]

It's my understanding that a lot of libraries don't keep any records of who has checked out a book in the past. The only records kept are who currently has the book and any info pertaining to fines. The same could essentially be done with computer usage. The records of who was using a computer need not be kept past the end of a day, and the hard drive could then be synced to some disk image (I know some places already do this too, just to keep the machines working properly). I'm not sure any fancy technical solution is really necessary. If libraries are really interested in protecting privacy they can do it.

if you build it..

[mjolnir_]

..the Feds will complain and Congress will simply mandate that any US library that receives any federal aid (ie, all of them) use a browse/borrow system that can supply exactly this kind of information.

Patriot Act, indeed. If you want to be a patriot these days, go vote in November and boot these current idiots out of power.

Are you sure it's a computer problem?

[Sheetrock]

First things first, one would have to assume that the librarian and network techs can be fully trusted. If not, any library-provided computer has to be considered untrustworthy unless you bring your own laptop, in which case what's the point, right?

Respect for the anonymity of the library patron (at a minimum) needs to be codified in law. Otherwise, at any point the government can stop funding libraries that don't track patrons (like McCain's initiative that flew through Congress mandating web surfing filters) or worse.

If all these conditions are met, then if the libraries refused to use proxy logs or anything of the sort, and set up network PCs that ghosted themselves from a server (preferably with Linux) every time a patron logs out to fight trojan loaders and such, then things would go pretty well. But I don't think that it's the technology that's at issue.

Our librarian is pretty cool about these things, by the way, and probably would go for setting up something along these lines if she thought it'd be worth the investment. It wouldn't be, however, because there's still a lot of other variables that prevent such a setup from presenting anything other than a false sense of security.

anonymous borrowing

[pensano]

A borrower could get an anonymous ID number (anytime) and leave a deposit, refundable upon return, for the replacement cost of each book checked out.

The only problem I see with this is that some people might not be able to come up with the deposit -- they could use the old, non-anonymous system.

Re:anonymous borrowing

[ipfwadm]

The only problem I see with this is that some people might not be able to come up with the deposit -- they could use the old, non-anonymous system.

Oh, so anonymity is the privilege of the wealthy, and not the right of the people? How equitable.

Re:Privacy So Important?

[Fat+Casper]

Does anyone really think that the privacy to look up whatever info you want is important enough to justify the fact that that privacy WILL be used by someone somewhere to take lives?

Yes. I'm sorry; yes, Mr. Anonymous Coward. I cherish my freedom, as you apparently cherish your anonymity. The price of having freedom is allowing other people to have it, too. You apparently believe that freedom is really just the freedom for all of us to be exactly like you. If we don't want to do anything that you don't like, we'll do fine. Because so many people are fucking morons, that means letting them have the freedom to saturate the airwaves with the Backstreet Boys, or the freedom to learn about explosives. We have to accept these dangers as simply the cost of doing business.

Just as my right to privacy is important enough to justify the fact that that privacy WILL be used by someone somewhere to take lives, my right to due process and a fair trial is important enough to justify the fact that due process and fair trials will end up allowing dome "detainees" to go free.

Re:I'm sorry..

[ClarkEvans]

Public Libraries are _public_ places, owned by the _government_. The government has a right to collect information from the library. It is not a private citizen's business or residence

Public Libraries are _public_ places, owned by the _people_. The people have a right to peacebly educate themselves, assemble, and petition government for greviences. They have a right to perform these activities anonymously, else they could be subject to harrassment by those individuals who currently control the government.

Remember in the turn of the century when black people had the right to vote, but had to do so publicly so that their owners knew how they voted and what they were up to at all times? This is called opression and we are quicly headed back to this stage... only this time it won't just be along ratial boundaries.

Re:Cash up front

[R2.0]

Problem is it this plan throws up an economic barrier to getting knowledge, which is the exact OPPOSITE of what a free library is supposed to be.

Scenario: Poor kid doing a term paper. A smart, ambitious kid, and he needs some relatively obscure books. Cash value may be $100/per for academic stuff. So now this kid must come up with $300 cash to write his paper. It doesn't matter if he's going to get it back - he just doesn't have it to give.

And the system can't be "opt-in". That means the well-off get to be anonymous, while the poor get tracked.

Lord knows I think the ACLU is a bunch of busibodies, but they'd have a fit over this one, and rightfully so.

My Addition To The Pot

[DarkZero]

Security measures such as firewalls and anonymous browsing would still be needed, but I'm sure that much more educated individuals could point you toward good solutions for that. I just wanted to bring up the idea of an OS on a CD-ROM. It leaves no records and viruses and worms cannot be installed on it, because it cannot be written to. It's a security solution for both Big Brother and the stupid, worm-downloading idiots that he watches over.

Re:Bottom Line

[jarrell]

Because you're not thinking straight. Knowing that, at any moment, the gov't could walk into the library and demand a list of everything everyone has been reading, or searching on the internet, is incredibly chilling to people's willingness to read, or search, materials that aren't "popular."

It's our responsibility as citizens to remain informed, that's the point of the whole "Informed Democracy" thing. Nowadays, we have the govt regularly telling us "You don't need to know these things, we'll know them for you."

Lets take the current anti-terrorism campaigns. If you oppose the way the detainments and trials (or lack thereof) are going on, then it behooves you to do research to be sure you know all the facts. But wait, our own presidents press secretary has been more than hinting that asking those kinds of questions is unamerican "in this time of war". So the feds raid your library and add you to the list. Next thing you know a friendly FBI team comes by your house, or place of employement because "they have concerns about your reading habits."

As another example, there are plenty of reasons to read up on bomb making, other then planning on actually making one. I'll ignore completely the concept that you might actually be hoping to get into a job involving pyrotechnics, or might be taking a class in it. But I've heard some extraordinary things come out of the mouths of officials about what a particular device built by someone could have done or not done. If I had no idea what the facts were, I'd have to take their word for it, and allow my opinion to be shaped by my own lack of knowledge.

Also, who says the Feds will protect that information right? What if a loved one is HIV positive, and you're researching it for them. Now the FBI has that you've been reading on that topic, and eventually that slips out, and eventually your insurance company gets hold of a 4th hand database, that implies you're hiding that you're hiv positive, and finds an excuse to cancel *your* insurance... Then just the concept that you might be dieing gets to the credit agencies, and all your creditors cancel your credit. Just because you read a book in the library.

Read John Varley's "Press Enter" for a view of a world taking to the logical end of this nibbling away by the "well, if you don't have anything to hide, why do you care?" folks...

RAM disk good for keeping the OS clean

[lkk17]

Having the OS on something that is loaded clean at each boot would be a good idea for other reasons.

If the browser history were filled with porn, if the computer were infected with a virus, or if a keystroke logger were installed, everything could be cleaned up with just a reboot. (The keystroke logging thing happens more often than you would think on public machines.)

An OS that boots from read-only media (like some CD-based Linux distros) would accomplish the same thing.

To make a difference

[FakePlasticDubya]

Run for a seat on your local library board. I can almost guarantee you that you won't see much competition, and heck there might even be an open seat that you can run for uncontested.

Libraries are not run or operated by the Federal Government, at least in the United States. They are run by local government, paid for my the local library district's taxpayers.

Show up to the library board meetings, bring your friends with you. Ask them what they think about these issues, and what they are doing to keep a balance between needed record keeping and just letting Project TIPS or the Homeland Security department grep through records for "nuclear weapon" or "anthrax."

You can make a difference! Most people it seems lately take no interested in local / town / area governments, but that is where the normal citizen can make the MOST difference!

Go Back...

[Blue+Stone]

Roxio's GoBack 3 has an "Auto-Revert" function that automatically restores the hard disk to a pre-determined "clean" state, at a given time/event (midnight/shutdown/whatever.)

They tout it as being ideal for cyber-cafes and libraries.
Unlike GoBack's normal working state, where a detailed history of the drive's activity is maintained, when Auto-Revert is enabled, no history is kept after a revert; all that's left is the "clean state."

Sounds ideal for preventing authoritarian agencies from snooping on their citizen's web surfing habits. :)

I'm even sorrier

[astroboy]

This may very well be taken as Flamebait or Offtopic, but I can't resist sticking my nose in here. Public Libraries are _public_ places, owned by the _government_.

1. While this is often true, so what? The rest areas in national parks are also owned by the government, but that doesn't mean they have the right to put webcams in the latrines.
2. Further, it isn't always true. Lots of private universities have libraries; there are a number of privately-owned museums with libraries attatched.
3. Finally, while it is true your bog-standard municipal library is owned by `the government', it isn't owned by the federal government; it's generally a service of the municipal government, paid for by municpal ratepayers. Why exactly, again, does the FBI have the right to get any information at all from the library just because both the FBI and the municipal library are owned by `the' government?

The Cato Institute, a libertarian think-tank and about as right-wing an organization as you can imagine, a group I seldom have occasion to agree with, published a report on these sorts of issues entitled ``Preserving our Liberties While Fighting Terrorism'', which, in discussing exactly the sort of new powers like being able to search library records with no probable cause, says:

That ought to give pause to people of goodwill from all across the political spectrum-since those are the telltale signs of societies that are unfree.

Re:As one that works in a Library Systems Office .

[H310iSe]

See, that's a really good point - and environment that's safe and anonymous might also be one that would make it difficult for crackers to work from. Talk to me about what things a PC should be able/not able to do to make it cracker-unfriendly.

Re:Cash up front

[moody]

I'm a librarian and I see a few problems with the anonymous checkout idea. The library at which I work does not keep records of what someone has checked out in the past as long as fines have been paid, but we do keep information on books currently checked out and books that have been returned overdue with fines, until those fines have been paid.

This serves two purposes: to protect the library and to protect the patron. In a perfect world the system you lay out might work, but occasionally libraries make mistakes and sometimes people make mistakes or try to take advantage of the system.

On the patron side: If a book is returned on time, but somehow never gets properly scanned, it may show up as not having been returned. Often patrons cannot or will not return books during open hours, so they will use the book drop. Also having to stand in line at the checkout desk to have a deposit return would at least double the amount of people in line at the desk, meaning longer waits, and perhaps higher taxes to pay for more personnel to deal with twice as many transactions. If the library makes a mistake and the book is returned and not checked-in but reshelved, there will be no way to prove that the book was in fact returned. The patron would have no ground to stand on in stating that the book is in fact on the shelf or checked out to someone else or some such thing, as there would be no record they had checked out that book in the first place. Merely a deposit.

It might be possible to barcode cards and then input prices on the cards at checkout and then check cards inserted into the books on a patron's record, but in addition to taking more time, there would be no record of shelf status for the book (is this book checked out, withdrawn, missing, etc.) meaning anytime someone would want to see if something was one the shelf they would have to go and look, defeating much of the purpose of computer-based catalog systems.

On the library side: In addition to some of the above points (which in many cases would be negatives for patrons and libraries), there are always a group of people out there who wish to abuse the system. A case in point is our printing policy. We do not typically charge per page on printing from public machines, and we used to have signs merely saying "The library reserves the right to charge for excessive printing." 95% of persons using the computers printed reasonable amounts. However, a small percentage would consistently come in the library and print out reams of stuff. We eventually started enforcing that policy, and eventually changed it to the current policy which is 30 pages free, pages 31+ 10 cents a page and printing. But the same contingent still likes coming multiple times during the day, trying to sneak out without paying, printing without doing a preview getting lots of stuff they don't want and hiding the undesired pages, etc. It's a pain. I'm hoping to develop some system for counting pages printed (perhaps running all print jobs through a central server) but with Win98 machines this seems to be an expensive and not-too-easy task.

At any rate, I have no doubt that people would check out single materials, for instance, and then come back on a different day and try walking out with different stuff and say, "hey it's checked out on my record" and there might be no way aside from anecdotal evidence of the circulation staff to prove otherwise. People wouldn't remember what they had checked out. People wouldn't remember what they owned fines on. I'm sure the system could probably be undermined many different ways, while now we can say, "You have X checked out, and X is overdue." and if we are wrong the patron can try to prove otherwise.

Perhaps the most reasonable solution to get this kind of thing to work might be to check out the card to a patron with a price input at check-out and the book checked out to a dummy (non-existant) checkout patron, but that would essentially double work and add an awful lot of hassle, and might have other problems I haven't considered (I don't actually work in circulation, and most of the time the people that work in circulation technically aren't librarians (they don't have a library science degree) but clerks or para-professionals).

I have doubts that this kind of thing is really worth it in the end. If someone is that protective of their privacy that they can't stand to have a book linked with their record for the 3 weeks they have it checked out, maybe they'd be better off just reading it in the building or buying a copy with cash somewhere.

Encrypted? How? & Physical Book Checkout Syste

The library is going to be required to turn over their keys legally. You can't hide the encryption from them, and you can get charged with obstructing justice if you have a librarian dead-man switch deleting files...

I've also been thinking up a system for checking out physcial books anonymously for sometime. This became especially important to me, when I realized my library was asking patrons for their SSN in order to get a library card.

So this is system I've got so far....

1) You need to get the libraries to add another field for all books in their databases: how much replacement costs are (not book costs, as those are far cheaper) for each book. This is *not* an inexpensive step for large collections. Also you need a flag for whether or not a book *can* be replaced. Many, if not most, books can't be replaced. And most books are out of print in under 5 years.

2) When checking out a book with an anonymous borrower's card, the value of the card is compared to the value of the book. If the book is less valuable than the $ on the card, then the person wishing to check out the book may check out the book. In total all the books the person wishes to check out must be less than the value on the card.

3) The person wishing to use the anonymous card, tells the checking out staff member their use-password, to confirm that they have permission to use that particular anonymous borrower card (an attempt to prevent theft of cards. It's not very effective it's still possible for the woefully underpaid staff members to fleece anonymous cards, amongst other problems). And the amount the book is worth is deducted from that anonymous card account. As per most libraries, you get a checkout printout (which is also your receipt - how much good it's gonna do you I'm not sure....)

4) There's another password, which is the refund password. That allows you to cancel the anonymous account and get your money back (minus set-up fee). Card is written off as a loss, but can be re-upped with more money later (ie: don't reuse the card numbers, or be willing to tell people their old card can't be re-used). The reason this is different than the use-password is so one person can fund an anonymous card with more than one user, or give to a child and not let them cash it out.

5) Books that are late are automatically depreciated by late fees, until their value is 0, and then the book is purchased. Otherwise, patron gets whatever value is left back into their anonymous account, when they return the late book.

6) Another large problem (like 1), is book returns. A lot of time returning a book to the library does not put it back into their availablity system, and there's no reciepts issued, and no way to prove that you did return a book on time (any library user of more than a casual amount has run into this problem). One way around this design problem is to assign another staff member to do physical check-ins and print dated reciepts, limiting anonymous people to risking their money or having set hours which they must do returns. Also, most libraries are woefully underfunded and understaffed to be able to assign a staff member to do this.

7) This system doesn't cover defacement or other problems.

Many thanks to a nameless (for fear of slashdotting) librarian news site, for covering these issues and many other that are essential to rights, and knowledge.

-- Ender, Duke_of_URL