An ELF in the Library?
By Elizabeth Burns -- netConnect, 7/15/2006
Keeping track of library materials can be confusing and time-consuming. Families have multiple library cards, an area may have several libraries, and there are different due dates for materials. As any library patron knows, books and DVDs disappear and show up in the funniest places—behind the couch, under a bed, or on the shelf with the regular books. A patron may not remember something was checked out until it’s overdue, and library fines dampen library enthusiasm.
Library ELF provides an answer: one email listing upcoming items due. It also raises an important question—what happens when the long-held tradition of patron record privacy is violated by patrons themselves? This raises service questions and demonstrates the trade-off between privacy and accessibility.
The difficulty of tracking library materials prompted library patron Stephen Bisanz, a friend of software developer Jeff Chow, to ask whether software Chow was working on could be adapted to help him and his family keep track of their library borrowing. He wanted an email reminder notice just before their books and videos were due. From this, Library ELF was born.
All-in-one email reminder
Sounds simple, and not unique: one email with all the pertinent information. Patrons ask for reminders of due dates all the time. Instead of giving it to them, librarians generally let patrons call and renew or go on the Internet and renew, agree to receive emails when holds are available, or refer to printed receipts with due dates. While these are all good options, none addresses the question, and most require the patron to act. But, as Bisanz says, “It is easy to forget what is checked out. The printed slips of paper from the libraries are the first things to get lost.” To balance this, Bisanz, like many patrons, “tried a manual system where each kid took out exactly five items. That helped a bit, but it forced a fixed reading diet on the kids, and [they] weren’t particularly keen on being limited this way.”
Hence the request to Chow. “Now, [Bisanz’s] wife prints out an ELF email reminder notice and walks around the house collecting all the items,” Chow says. “They’re able to go to the library more often and check out items with less worry, plus the kids are a lot happier since they can borrow without restriction.”
Chow lives in an area of British Columbia with 11 different libraries within driving distance. “Many of us use a number of these libraries, and it can be difficult to keep track of all of the books that we’ve borrowed,” said Chow. “With the ELF, we can also consolidate multiple cards and get early email reminders as well. We are able to check out more books and return them on time. We’re also finding that we go to the library a lot more often.”
People are going to the library more often and checking out more materials—and returning them on time! What a concept. Any revenue loss the library may suffer from reduced fines is counterbalanced by the increase in circulation.
View all your library items
Creating a Library ELF account is simple. The online form requires only a valid library card, a PIN (if your library uses one), and an email address; the person is also asked to select a password for the account. The application uses these credentials to access the library account, including current information on items out and pending holds, and delivers that information by either email, RSS, or SMS (text messaging). A sample demo on the Library ELF site shows what this user-friendly reminder looks like.
Library ELF has been working on “behind the scenes” development to make the process more efficient. It recently moved to a new server that is shared with one other developer, and Chow has total control of the database server, which is larger and faster. He also modified the software to process users at 5 a.m., per “local library” time so that ELF doesn’t take up web server usage when the library is open. So far, owing to vendor indifference, Library ELF has not been integrated into any system, but Polaris is working with Chow to remedy that (see “Polaris and Library ELF”).
Users have asked Library ELF for additional features—and they are the same requests that libraries get. Several users have asked for a reader history feature so they can keep a log of what they’ve read. Others have asked ELF to enable them to note what books they want to read next, like NetFlix offers for film. Although some users get advance email notices from their own library, a few users have said they still prefer ELF notices. “They like the layout of the notice, while some like receiving reports regarding more than one library card in a single email,” says Chow.
The privacy trade-off
Library ELF provides the information patrons want, in a fashion that is user-friendly. So what’s the downside? And why aren’t library systems providing this patron-friendly information on their own? Library ELF is simply taking the information from the library catalog.
The trade-off, of course, is privacy. Just as it’s simple for a patron to create an account, it is also easy for one user to log in as another, or for the email to be read by someone else. Patron privacy is very important to libraries and is protected by law.
Paul Neuhaus of Carnegie Mellon University has an exhaustive list of such statutes at his Digital Reference and Privacy webpage. Libraries insist on subpoenas for releasing this information to third parties; libraries don’t allow family members to pick up one another’s holds. So why can Library ELF get this information? In examining privacy issues, it’s important to note that Library ELF highlights existing issues; it does not create them.
Is Library ELF allowed to get the account information patrons want? Once a library has decided that patrons may access their own accounts remotely using a barcode and PIN, the ELF facilitates this by making it more convenient to access that information. The patron voluntarily sets up this account and invites the ELF to check it. In addition, Library ELF is located in Vancouver, BC, where, as the Library ELF web site states, “it’s our understanding that the USA PATRIOT ACT does not apply here. Furthermore, our privacy policy states that we will not share any information unless ordered to by a government court order (which, in our case, would be the Canadian government).”
Watching your account
What if someone obtains another patron’s account information and creates a Library ELF account with that information? The “Nosey Neighbor” now has a daily email about someone else’s borrowing habits. This is possible already without the ELF because Nosey has the information needed to look at an account manually from a remote location. The Library ELF makes such “snooping” easier, but it is already doable. Library ELF actually gives the patron something extra: a way to discover snooping. Normally, there would be no record of Nosey’s online invasion. A Library ELF account will note when “this card is viewed by other accounts” and includes the email address of the other account. Thus, while Library ELF makes it easier to be Nosey, it also makes it easier to catch the Nosey Neighbor.
It’s a little different, though, when the Nosey person is someone close to a patron. The critical information needed to access the borrower’s account (barcode and PIN) may have been voluntarily provided. Mr. and Mrs. Smith and five-year-old Junior quite happily have all three library cards on one Library ELF account. Fast forward ten years, and it’s the ex-Mr. and Mrs., and Junior is now a teen who doesn’t want Mommy and Daddy knowing what he’s reading.
What to do now? Even without the ELF, the exes have each other’s library card information, as well as their son’s, and the information can be accessed online. Library ELF illuminates the problem with the daily email that includes all three people’s borrowing information, perhaps prompting Mr. and Mrs. Smith to at least change their PINs, if not get an entirely new card. Junior can also “take back” his privacy by changing his PIN or getting a new card.
The security of RSS
A final privacy risk is through RSS feeds. This was highlighted in 2005, when Mary Minow of the Law Library blog discovered that Library ELF users who had RSS feeds going to popular web aggregator Bloglines had inadvertently made public their borrowing information, even for “private” Bloglines accounts.
Library ELF immediately addressed the issue. An “update” on the “What’s New” page of the Library ELF web site explains that the way the RSS feed link was generated had been changed so that the email address would not be part of the feed. Once a user changes the Library ELF password, the RSS feed changes, too. This is not a panacea, though, and ELF notes that “if this new RSS link were to be published, then others may be able to view your feed again.”
Public RSS aggregators can treat RSS as public even if profiles have been marked private. The most secure solution is to unsubscribe from the ELF RSS feed and specify email delivery only. The FAQ section is even more blunt, naming Bloglines specifically as an RSS aggregator that treats RSS feeds as public even when a profile is private, owing to its shared database of feeds.
Library ELF developer Chow observes, “RSS is still in its infancy. The way to handle RSS for private feeds at this time is with HTTP authentication [which Atom has built in], but many RSS readers have not implemented this yet.”
Chow goes on to note that there is more than one way of handling HTTP authentication, which further complicates this problem, and that Bloglines apparently uses the least secure method. To recognize a private RSS feed, Bloglines requires that the username and password be embedded in the RSS URL.
Finally, Chow is paying close attention to RSS and security. “As RSS grows, more attention will be paid to its security. For now, it’s best not to have identifying elements in the RSS feed that can be linked to an individual.” ELF’s RSS feeds no longer refer to an email address or the person’s last name. Still, says Chow, “Those not comfortable with RSS may want to consider email only or RSS readers on their own computer.”
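As an added example (not Library ELF's code), here is one way to build a feed link of the kind described above, with no email address or name in it and replaced whenever the password changes, together with a check for feed URLs that carry embedded credentials or identifying elements. The class and function names and the feeds.example.org host are assumptions made for illustration.

```python
import hashlib
import secrets
from urllib.parse import urlsplit, unquote

FEED_BASE = "https://feeds.example.org/rss/"  # hypothetical host, not Library ELF's


class FeedLinks:
    """Maps opaque feed tokens to accounts; only token hashes are stored."""

    def __init__(self):
        self._by_hash = {}   # sha256(token) -> account id
        self._current = {}   # account id -> sha256(token)

    def issue(self, account_id):
        """Create (or replace) the account's feed URL with a random token."""
        old = self._current.pop(account_id, None)
        self._by_hash.pop(old, None)          # revoke the previous link
        token = secrets.token_urlsafe(32)     # 256 random bits, no email or name
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._by_hash[digest] = account_id
        self._current[account_id] = digest
        return FEED_BASE + token

    def on_password_change(self, account_id):
        """Changing the password changes the feed link as well."""
        return self.issue(account_id)

    def resolve(self, url):
        """Return the account id for a live feed URL, else None."""
        if not url.startswith(FEED_BASE):
            return None
        digest = hashlib.sha256(url[len(FEED_BASE):].encode()).hexdigest()
        return self._by_hash.get(digest)


def audit_feed_url(url, identifiers):
    """List privacy problems in a feed URL before it goes to an aggregator."""
    parts = urlsplit(url)
    findings = []
    if parts.username or parts.password:
        findings.append("credentials embedded in URL")
    if parts.scheme != "https":
        findings.append("not HTTPS")
    text = unquote(parts.path + "?" + parts.query).lower()
    findings += [f"identifier in URL: {i}" for i in identifiers if i.lower() in text]
    return findings
```

A link built this way is still a bearer secret: anyone who obtains the URL can read the feed until the password, and with it the link, is changed.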
Library ELF users in the United States and Canada may also get reminders of available holds sent via cell phone text messages.
Ongoing concerns
The risk with using web-based aggregators for private information, particularly Bloglines, continues. An April 8, 2006, post at the web log Whirlycott reveals that “private” RSS feeds for NetFlix, Tada lists, and even confidential billing records have been made public.
The tension between convenience and privacy will only grow. Nevertheless, as Chow says, “If user comments are any indication, it might be all about convenience when it comes to things related to library activities. The bottom line regarding Library ELF is that many users are borrowing more and frequenting the library more often. It’s amazing that such a small thing as giving advance due notices can change the borrowing habits of users.”
Since convenience is what patrons want, what can libraries do to make sure that patrons get that convenience without losing privacy? How can libraries assist in getting that privacy back once it’s been compromised? And why haven’t more ILS vendors added advance notification to their systems? The demand continues for us to save the time of the user.
Link List
Demo: libraryelf.com/Demo.aspx
Digital Reference and Privacy: http://www.library.cmu.edu/People/neuhaus/privacy.html
FAQ: libraryelf.com/FAQ.aspx
Law Library Blog: blog.librarylaw.com/librarylaw/2005/12/breaking_discov.html
Library ELF: libraryelf.com
Whirlycott: www.whirlycott.com/phil/2006/04/08/a-serious-bloglines-privacy-issue
Author Information
Elizabeth Burns is Branch Manager, Waretown Branch, Ocean County Library, NJ; the author of the web log A Chair, a Fireplace and a Tea Cozy; and a contributor to the web log Pop Goes the Library.


















