What Every Librarian Should Know about Electronic Privacy

The events of 9/11 have shaped massively recent global history; actions that the US government has justified as a reaction to that event continue to reverberate. With the introduction of the Orwellianly‐titled “Patriot Act”, US government agencies acquired heretofore unknown powers of surveillance over, and intrusion into, the personal lives of US citizens. The “spirited opposition” of librarians (p. ix) to this act, and in particular, the widely publicized John Doe librarians’ refusal to surrender library records to the FBI without a warrant, has provoked a very real discussion of the ethics of librarianship, in both the USA and beyond. That users must be allowed to “explore ideas of all persuasions and need never worry that big brother is looking over their shoulders” (p. ix) has become an evermore central ethical tenet of our profession.

What Every Librarian Should Know about Electronic Privacy by Jeanette Woodward is a perspectival, though not polemical, response to these events and also to the rise to ubiquity of electronic communication systems in libraries and society, generally. Evidently liberal in attitude, Woodward gives advice and opinion from the practical to the philosophical, and is never less than well informed and, for the most part, scrupulously even‐handed, while seeking to inform the librarianship profession of how to protect itself and its users from dangers to electronic privacy. In addition to the vagaries of the Patriot Act, the work covers all major privacy concerns relating to both libraries and their users.

Given the specifically American context, the value of this work, in addition to the usual criteria of clarity of writing, coherence of argument and cogency of message, is the extent to which the advice and discussion contained within are relevant to an international audience, for whom the particulars of the Patriot Act are likely to be of no more than academic interest. Against the former criteria, the work can be judged a success. Woodward displays a lucidity of prose and familiarity with subject that renders the work both highly readable and informative and which is perhaps only let down only by her tendency to invent example users and to refer to them with a slightly cloying chumminess that is, perhaps, suggestive of a frustrated impulse for creative writing.

Against the latter criteria, the work remains in large part useful to a non‐US practitioner audience, though a substantial amount of the work, dealing specifically with US law and practice, is not transferable and suggests that publication of a more generically applicable international edition might have been considered. Large tracts of some chapters – specifically, chapters five (on NSA data‐mining activity), eight (the Patriot Act) and nine (US advocacy) – obtain only to the US context and to specific US laws and government agency practices. That these sections are thoroughly researched and key ideas eloquently presented does not negate their merely academic interest for non‐US readers.

Notwithstanding this, however, for the most part the work remains extremely useful to non‐US practitioners. In fact, it is such a broad‐based and lucid appraisal, that it merits consideration as a useful introduction to several strands of subjects of computer security and electronic privacy issues as they particularly relate to librarians (and particularly public librarians).

The work ranges in the initial chapters from discussion of the dangers to library‐users of ID theft, phishing and various malicious software applications which might be latent in any public computer, to a discussion of threats to users from the business world. On this latter point, Woodward gives an eye‐opening account of the extent of the data collecting practices of blue‐chip Web brands such as Yahoo, Google, Amazon and AOL. Chapter 4 discusses the protection of children and teenagers from online predators and also, crucially, from themselves: Woodward describes the contemporary phenomenon of teenagers posting unwise comments or content about themselves on Social Networking sites that later come back to haunt their professional lives.

Discussing the need for data collection within libraries, the author gives a reasoned case for the minimum possible, based on the fact that librarians might inadvertently keep information which could compromise their patrons if lost (or indeed surrendered under the Patriot Act). Where the work begins to discuss the details of cases of lost data in the USA, the author's dissection of the motivating factors (human fallibility) behind such losses is succinct and insightful. Given recent high‐profile data‐losses here in the UK, it is certainly easy for a UK practitioner to draw parallels with the US examples of missing data such as the 2006 loss of Social Security numbers of 26,000 employees of the Department of Agriculture (p. 77).

Alongside such expository discussion, the author proffers useful and knowledgeable practical advice. In chapters 9 and 10, step‐by‐step technical guidance for the protection of user privacy and suggestions for programmes of user‐education demonstrate an admirable level of familiarity with subject.

Given the fluidity with which Woodward fuses the philosophical and the practical throughout the work, it is slightly jarring when she seems to somewhat run off track. Chapter 6, a speculative discussion of the Orwellian potential of radio frequency identification tags (RFID) leans towards quite heavily toward the polemic. The author seems to be aware of her own extravagances when, discussing the possible misuse of such tags by malicious agents, she questions: “Would people really want to devote their efforts to reading library tags? It's hard to know whether we are talking about a reasonable possibility and when we are just being paranoid” (pp. 108). While acknowledging that the RFID debate is perhaps more advanced in the USA than the UK, it could be suggested that the devotion of a whole chapter to this subject is either indicative of an element of the latter or of an editorial need to add weight to the word‐count.

Disappointingly, the work ends somewhat abruptly, leaving an impression of the work as a disparate series of themed essays rather than a cohesive monograph. Given its range of themes and the scope of its abstract discussions and practical advice, the work requires a more complete summation than is provided. Overall though, this is a fluent and engaging work, with a tangible passion for librarianship and a real sympathy for the needs of patrons. It is thoroughly researched and displays a clear understanding of issues relating to electronic privacy in relation to libraries. That it was written for the US market and remains so in its international release dilutes its usefulness for international practitioners, but even so it remains, for the most part, a highly readable and clearly delivered introduction to a subject which merits the attention of practitioners in all spheres.