On Tue, Jun 25, 2002 at 04:56:10PM -0500, Harmon Seaver wrote: | would be aware of it, and people would be talking. I don't know of any way it | would be possible to make the software keep track of just one person, it would | have to keep the records for everyone. Of course, someone could keep track | manually, but I'd be willing to bet that if this were happening at all, the ALS | would know about it and would be filing suit against the DOJ. No, they wouldn't. The USA PATRIOT act forbids a library from talking about it. Thats why point 12 of the recent House Judiciary committee letter to Ashcroft asks about libraries. http://www.eff.org/Privacy/Surveillance/Terrorism_militias/20020613_letter_t... | | On Tue, Jun 25, 2002 at 02:23:08PM -0700, Joseph Ashwood wrote: | > ----- Original Message ----- | > From: "Eric Cordian" | > | > > It was my understanding that libraries destroy records of patrons' | > > activity as soon as the books are returned. Nonetheless, this is an | > > interesting Federal fishing expedition, with warrants issued by secret | > > courts, and criminal penalties for librarians who talk too much. | > | > I can tell you that at least in some areas that is simply not the case. I | > have personal experience with the San Jose City library and know this for a | > fact to be incorrect. They store information since the last upgrade of the | > central database, currently the better part of a decade, but coming up on a | > cycle point. Although it is very difficult to get the information, and large | > portions of even that have been lost through various issues. | > | > That is just a single area, but it seems reasonable that most | > cities/counties/schools would follow the same general principle. Of course | > with the lax way the information is kept it takes nearly a week to recover | > the list of books you've checked out in the last month that have been | > returned (unless there are penalties), so there is some saving grace to the | > system. | > Joe | | -- | Harmon Seaver | CyberShamanix | http://www.cybershamanix.com | -- "It is seldom that liberty of any kind is lost all at once." -Hume

jayh@1st.net wrote:

On 25 Jun 2002 at 19:49, Adam Shostack wrote:

The USA PATRIOT act forbids a library from talking

...

about it. Thats why point 12 of the recent House Judiciary committee letter to Ashcroft asks about libraries.

hmmmm... does that mean the by declaring that his library does not have than info, and thus has not provided info to the feds, is that declaration in itself a violation of USA PATRIOT?

How could the library have the info, it's SOP to *not* keep the info, as I said. Most libraries wouldn't dare keep the info, if other librarians found out about it there would be all sorts of nastiness. A library director of a library that kept that sort of info would be destroying his own career if he expected to go anywhere else. And I think cooperating with the feebs would do likewise. Nobody really believes the gov't anymore -- Asscruft would be spat upon if he entered most libraries. I think at this point most educated people recognize the Un-Patriot act for what it is - the USA Fascist Manifesto. There's lots of people in libraries who have no doubt at all that 9/11 was engineered by the CIA to give the military the pretext to invade Afghanistan and regain control of the opium market. That's what the "War on Some Terror" is all about, that and another big domestic power grab by the feebs, just like the "War on Some Drugs." -- Harmon Seaver CyberShamanix http://www.cybershamanix.com

Obviously you don't realize how pissed off librarians would be about it. There would very quickly be a court challenge, just as there was a court challenge to it back in the 50's, and just like there has been a court challenge to everything else like this -- the filtering acts, etc. How would they serve this order? If they came to me as the sysadmin, I'd have to talk to my boss, the director about and also to an attorney, before I did anything for them. And if I changed the settings on the database to keep all records, everbody in the library would know about it very quickly, and there would be a some real pissed off people demanding to know why I had done it. Furthermore, most libraries these days have joint databases with a bunch of libraries in the area, and they would notice the change and would be jumping up and down, demanding public meetings, etc. So the only way they could have it done is to approach someone to have them look at the system day by day and write down what the victim of the warrant was checking out. And what if he didn't check it out, just read it in the library? So much for that data, there'd be none. Or would the Feebs just have one of their own come into the library each day and access the staff side of the software -- people would certainly notice that too. People would talk, believe me. You can't get people to do something that pisses them off and expect them to really cooperate. I'd be willing to bet that in most libraries if they didn't file a court challenge the victim would get an anonymous phone call from a pay phone some night. On Tue, Jun 25, 2002 at 07:49:46PM -0400, Adam Shostack wrote:

On Tue, Jun 25, 2002 at 04:56:10PM -0500, Harmon Seaver wrote:

| would be aware of it, and people would be talking. I don't know of any way it | would be possible to make the software keep track of just one person, it would | have to keep the records for everyone. Of course, someone could keep track | manually, but I'd be willing to bet that if this were happening at all, the ALS | would know about it and would be filing suit against the DOJ.

No, they wouldn't. The USA PATRIOT act forbids a library from talking about it. Thats why point 12 of the recent House Judiciary committee letter to Ashcroft asks about libraries.

http://www.eff.org/Privacy/Surveillance/Terrorism_militias/20020613_letter_t...

| | On Tue, Jun 25, 2002 at 02:23:08PM -0700, Joseph Ashwood wrote: | > ----- Original Message ----- | > From: "Eric Cordian" | > | > > It was my understanding that libraries destroy records of patrons' | > > activity as soon as the books are returned. Nonetheless, this is an | > > interesting Federal fishing expedition, with warrants issued by secret | > > courts, and criminal penalties for librarians who talk too much. | > | > I can tell you that at least in some areas that is simply not the case. I | > have personal experience with the San Jose City library and know this for a | > fact to be incorrect. They store information since the last upgrade of the | > central database, currently the better part of a decade, but coming up on a | > cycle point. Although it is very difficult to get the information, and large | > portions of even that have been lost through various issues. | > | > That is just a single area, but it seems reasonable that most | > cities/counties/schools would follow the same general principle. Of course | > with the lax way the information is kept it takes nearly a week to recover | > the list of books you've checked out in the last month that have been | > returned (unless there are penalties), so there is some saving grace to the | > system. | > Joe | | -- | Harmon Seaver | CyberShamanix | http://www.cybershamanix.com |

-- "It is seldom that liberty of any kind is lost all at once." -Hume

-- Harmon Seaver CyberShamanix http://www.cybershamanix.com

On Wed, Jun 26, 2002 at 01:09:53AM -0700, Bill Stewart wrote:

It's been almost ten years since I was in the Keyport NJ library, but I'd be surprised if they've computerized their recordkeeping. If you wanted to see who'd checked out a given book that was on the shelf, you'd look at the card in the back and see the library card numbers of the people who'd checked it out, and they might have had dates as well. To find which 3 or 4 digit number corresponded to which person, it'd depend on whether they took their library card home with them the last time they'd returned books or left it at the library (mine might still be there?), and if they currently had books out, it was definitely at the library. If they took the card home, they had privacy, though the librarian often did know her regular customers by sight. They might have computer records for books they got on interlibrary loan, but that'd be about it - no sense in spending money on computerizing when old-fashioned card catalogs worked well enough for the speed at which they acquired books.

You'd probably be surprised then, because I'd bet it has been computerized. In WI and MN at least, even the tiniest libraries are on line. It came about because of laws mandating that all public libraries belong to a library consortium, and the consortiums run the centralized databases. If they don't join the consortium, they can't get state funding, and since most libraries are strapped for cash, they join. And the computer revolution has been going on in libraries for a decade now -- I can recall libraries where the staff was terrified of computers, but most of those people either got on board or retired. I'm sure there are non-computerized libraries in backwards states like AL or MS, where they don't even fund the public schools, let alone libraries, but NJ? Hardly.

On the other hand, any place that does computerize finds it almost as easy to keep records permanently as not, and it's certainly easier to centralize records and make them searchable.

It's a matter of policy not to keep records, that, and the fact that library software comes with that turned off by default. In some cases I think it would take custom programming to turn it on. And in most cases, since most systems librarians are not really computer gurus and rely heavily on outside consultants, they would have to call the software manufacturer or an outside consultant to help them figure out how to turn on the retention of patron records after the books is checked back in. And then explain to them *why* they would want to do such a nasty thing. And, as I said, there would be immediate outrage on the part of the other librarians with much shouting and wailing and demands for explanations, and demands that it be turned off. I think most people don't realize what strong civil libertarians most librarians are -- and how much privacy and freedom of speech is stressed in library administration and library schools. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com

At 10:48 AM 6/26/2002 -0400, Kathleen Dolan wrote:

In many states, it is illegal to store records showing who borrowed a book from a public library. Maryland, for example, requires destruction of the record after a point and even backups cannot be accessed without a court order.

KAD

Say a public library implements a policy of replying positively to all such inquiries, that is, if asked by a patron the db admin will tell them when their account is free of such inquiries. If a request does come in then the db admin can either: fail to respond (monitoring implied), tell them they are being monitored (violating the law) or lie and say they are not even if they are. So, can the Feds require a librarian to lie to a customer who inquires whether their library usage is being monitored? steve