Defenders of Patron Privacy
When the FBI approached George Christian in 2005 with a national security letter (NSL) and lifetime gag order, the then–executive director of the Library Connection—a Connecticut library consortium—convened a meeting with the organization’s executive committee. The NSL would have forced them to turn over customer information without a judge’s order or a grand jury subpoena. They refused to comply and later came to be known as the Connecticut Four.
With the help of the American Civil Liberties Union (ACLU), they challenged the climate of surveillance and government overreach that followed the September 11 attacks, showing the nation that librarians would stand by the rights of patrons and civil liberties.
Here, the four share their memories of the experience and its resonance today with American Libraries. They are Christian, retired executive director of Library Connection; Barbara Bailey, director of Welles-Turner Memorial Library in Glastonbury, Connecticut; Peter Chase, retired director of Plainville (Conn.) Public Library; and Janet Nocek, director of Portland (Conn.) Library.
In your view, what was the significance of challenging the Patriot Act?
Christian: There were two significant outcomes: First, by challenging the Patriot Act, we exposed attorneys general John Ashcroft’s and Alberto Gonzales’s repeated misleading declarations to Congress and the public that the Patriot Act had not been, and never would be, used against libraries.
Second, our challenge made the public, the news media, and librarians aware that NSLs existed, that they came with perpetual gag orders, and that we and the ACLU believed that they are unconstitutional instruments.
Nocek: We were able to serve as witnesses to events of national consequence. The security-versus-privacy debate is an important one for America. We need to consider the consequences when security concerns lead to government overreach.
Chase: Unlike regular warrants, NSLs are under the sole authority of the FBI. It seemed to us like spying in the voting booth. I hoped the challenge showed that librarians would resist spying on patrons and that it would not be easy to violate patron privacy.
In the world of technology and surveillance, there have been troubling developments since 2005—even among library vendors. What has allowed for this trend, and what can people in the profession do to protect privacy and civil liberties?
Chase: The most frequent comment I hear from patrons and the public is that they don’t care about privacy. They say, “My life is an open book, I am not committing any crimes. The police could look at a list of what I borrowed or researched at the library, and I wouldn’t care.” Then I ask if they have curtains on their windows at home. Is it because they are doing illegal things—drugs, human trafficking, counterfeit currency? I hope not. It’s because we don’t want all our affairs to be public. You wouldn’t share your credit card bills with strangers or undress in the middle of the street. You want to have control over your own life, including what you let other people know about yourself.
Sometimes you want to open those curtains and let the sunshine in, and sometimes you want to conduct your life in private. Nobody wants to be on public display every minute of their lives. Part of being an individual is having the right to decide for yourself what, when, and to whom you tell things about your life, your thoughts, your dreams.
Nocek: In our own libraries, we must examine procedures and policies to ensure we protect patron confidentiality. ALA has some great resources, including a privacy toolkit. We need to consider that services that may be convenient to a patron also require safeguards to reduce privacy loss.
Bailey: As a profession, here are three things we can do now: First, keep informed about privacy. If you do not like what you see, contact the appropriate national, state, and local legislators. Second, conduct a privacy audit at your library. Review retained data and its role in your organization. Less is more! If you do not have a privacy statement, write one and review it with staff regularly. Finally, before signing a contract with a vendor, make sure you understand and agree with what they will be doing with the personal identifiable information collected.
Christian: Libraries rely on ILS vendors to manage their data remotely. These vendors, in turn, rely on third parties for, say, cloud data storage to enhance their products with additional electronic resources that are seamlessly integrated into their products. All of this enhances patron experiences and the library’s management capabilities, but it has also removed the library’s ability to be the data guardian.
Today the FBI might present an NSL to the cloud manager and use a gag order to keep both the ILS vendor and the library from ever knowing their data was accessed. A root problem is the lack of oversight over the government’s national security activities and the enormous profitability of pandering to the government’s perceived need for information. Practically all government-sponsored surveillance activities are conducted by contractors who have a profit incentive to keep the surveillance effort going and to continue to increase its scope.
Just as technological developments have enabled these erosions of our privacy, it is my hope that technological developments may provide a cure. The routine encrypting of data may become the norm in the near future, and advances in encryption may outpace the practicality of prying into encrypted data.
Library professionals have important roles to play in this climate of surveillance. They can work to increase awareness of surveillance issues and of the steps individuals can take to protect themselves, at least from commercial and criminal misuse of their personal information. They can also explore using technologies such as Tor to keep patrons’ online activities in the library private. In the longer run, they should think about how to ensure that as library systems evolve to use encrypted data, the control of the encryption keys remains with the libraries and is not delegated to system vendors, cloud managers, or other third parties.
If you had to do it all over again, what would you have done differently? Done the same?
Bailey: I had never heard of an NSL until I got the call from George—I was busy googling NSL while talking! The gag order associated with the national security letter was very chilling. Would I do it again? Yes!
Nocek: I am not political and am introverted. I just felt I was doing the right thing and would not have changed that.
Chase: We never revealed patron information, and we didn’t go to jail. Our case was made moot while the appellate courts were considering it because Congress amended the sections of the provisions we were challenging, and the FBI withdrew its request for patron information. I regret that our case ended before we got to the Supreme Court because the justices might have invalidated national security letters completely, but at least we established how difficult it could be to spy on libraries without a court order and discouraged the FBI from trying it again.
What do you think of the fame you have garnered within the library community?
Nocek: I think most librarians understood that our professional ethics were at stake and appreciated what we did. If other librarians find themselves in a similar situation, hopefully they can take heart and know there is the possibility of legal challenge.
Chase: I think all of us were surprised by the fame. I just hope it will remind librarians to stand up for the core beliefs of the profession, even in the face of the FBI.
Bailey: I was just doing my job, protecting patron confidentiality. I hope that what we did in challenging the national security letter gives other librarians the courage to stand up and fight for what they believe is right.
Christian: I am happy that our stand might be inspirational to others, but Library Connection’s circumstances were extremely fortunate. Most library professionals work in situations where they must answer to a publicly elected or appointed board or an academic administration and board. With education and preparation, they can be made aware of patron privacy issues well enough to articulate a position in their defense and commit to supporting the librarian’s responsibility to protect patron privacy.
In 2019, Peter and I were invited by the Southern New England Law Librarians Association to a meeting at Yale University in New Haven. Many of the law librarians attending were young enough to have only learned of us while pursuing their graduate degrees. They told us that to them and their peers, we were the rock stars of the library world. That was truly astonishing.
When the four of us met with the ACLU for the first time, we were informed that we would be identified as John Doe. I responded, “Just my luck. My 15 minutes of fame and I am to be known as John Doe.” I was just joking, but I smile now as I note that it is 2021, 16 years later. It has been a long 15 minutes.
Source of Article