Rebooting Library Privacy in the Age of the Network
May 19, 2011
Why library privacy matters
Without library privacy, individuals might not engage in free and open inquiry for fear that their interactions with the library will be used against them.
Library privacy thus establishes libraries as a sanctuary for thought, a safe place in which any idea can be explored.
This in turn establishes the institution that sponsors the library — the town, the school, the government — as a believer in the value of free inquiry.
This in turn establishes the notion of free, open, fearless inquiry as a social good deserving of support and protection.
Thus, the value of library privacy scales seamlessly from the individual to the culture.
Privacy among the virtues
Library privacy therefore matters, but it has never been the only or even the highest value supported by libraries.
The privacy libraries have defended most strictly has been privacy from the government. Privacy from one’s neighbors has been protected rather loosely by norms, and by policies inhibiting the systematic gathering of data. For example, libraries do not give each user a private reading booth with a door and a lock; they thus tolerate less privacy than provided by a typical clothing store changing room or the library’s own restrooms. Likewise, few libraries enforce rules that require users to stand so far apart on check-out lines that they cannot see the books being carried by others. Further, few libraries cover all books with unlabeled gray buckram to keep them from being identifiable in the hands of users.
Privacy from neighbors has been less vigorously enforced than privacy from government agents because neighborly violations of privacy are perceived to be less consequential, and because there are positive values to having shared social spaces for reading.
While privacy has been a very high value for libraries, it has never been an absolute value, and is shaded based on norms, convenience, and circumstance.
Privacy as a default
Social norms about privacy are obviously changing. No one knows yet where they will end up, but clearly we are undergoing a generational transformation.
Norms are what holds if exceptional circumstances need to be cited to justify contrary actions. In a grocery, the norm is that once an item has been placed in a shopper’s cart, other shoppers are not free to take it for themselves; if you do wish to take an item from another shopper’s cart, you need to give a reason.
In software and social systems, norms are expressed as defaults: functionality and configurations that encourage certain uses and behaviors. Defaults and norms are fundamental to human society; without them, we would have to go back to first principles every time we entered a grocery, and would have to renegotiate fundamental rules of behavior every time we queued. They are the implicit that enables us to live together.
Privacy is a set of norms expressed by defaults. In a library, for example, the norm is that you can glance at what someone is reading, but if you stare over someone’s shoulder, it will eventually become rude, and after some more staring, a librarian will be called over.
As these norms go through a generational change, it is crucial that libraries get the defaults right — or at least righter. There is, however, no possibility of perfection: The privacy norms are changing, the norms are less homogeneous than ever before, and the changes to the defaults will themselves influence the norms.
Despite this uncertainty, libraries need to do their best to re-balance the values and risks of publicness, in order to address the new norms, and new opportunities
The social opportunity
Libraries have valued reading primarily a private activity, with exceptions when an author is invited to give a reading, or during read-aloud hour in the children’s room.
This is not surprising since the technology of reading has been primarily aimed at individual use. Now, however, our new reading technology requires a network, and thus occurs not within a quiet carrel but in a social sphere.
The social has been under-represented in traditional library policies that have thought about privacy in terms of a strong dichotomy between the public and the private.
Of course the social sphere has always been with us, and libraries have enabled many social activities, from book clubs to public readings. But the Internet has made social groups — social networks — easier to form, more visible, and more persistent than ever.
The paradigmatic reading experience is no longer that of the solitary individual in front of a fire. The default is changing to that of a networked reader who is sharing what she learns, leaving traces of what she’s read, and contributing back to the network. The marks that people make, the notes they take, the order in which they read, and information about the pages on which they linger all can be used to enrich the network of readers.
In a traditional library, a reader’s checking out of a book deprives the library of some value that checking the book back in returns. It’s at best a zero-sum transaction. In a library that enables social reading, the library gets smarter with each user’s interactions with it:
Users’ annotations of all sorts are preserved for those users
Users can choose to make their annotations available to help guide other users.
Social interactions — questions and answers, comments, explications, reviews, etc. — are permanently available to help other users.
Users’ interactions help others make sense of the library — how books relate, which ones are worth consulting, how to contextualize a book so that it becomes more understandable and valuable.
Anonymized metadata about patterns of behavior help the library understand its users’ needs better, and can help users discover other holdings that they would value.
Together, these networked social interactions continuously increase the value of the library. That opportunity must be placed on the scales when weighing the value of traditional library privacy policies, for such policies prevent the accrual of this new value.
A new default
It is time to move away from the old default, which was based on non-social, solitary reading as the paradigm. The new networked environment is more complex, and requires a more explicitly nuanced default.
To rebalance the risks and opportunities, a framework for new defaults might be:
Individual library behaviors will continue to be strictly off-limits to governments, and to any other organization that the user has not explicitly authorized.
Individuals will have access to information about their own library behaviors, and libraries will preserve this information by default, unless the individual requests that it not be saved.
The library will permit a user’s social network to access that user’s information to the extent to which the individual authorizes it, while informing the user of the risks.
Aggregated information about library behaviors will be made public, taking care to anonymize the information and to protect against re-identification attempts É while recognizing that there always has been and always will be some risk of identification.
The Three Laws of Library Privacy*
1. Users own their data.
Users decide who has access to the data about their own interactions with the library and what may be done with that data.
2. The library fiercely protects the decisions made according to Principle #1.
The library enforces the user’s decisions about privacy, and enables public and social access in accord with the user’s decision.
3. The library is transparent, except where it affects Principles #1 or #2.
The library is transparent about its principles, and about how it is handling users’ decisions about privacy, except when such transparency would betray information users have decided not to make public or social.
Codicil: A new imperative
Libraries will make use of all available and permitted data in order to help further the interests of its users. They will do this because it advances the values core to the mission of libraries, and thus advances the value of libraries.