Privacy concerns abound over BiblioCommons

  • by Peter Warfield
  • Wednesday January 14, 2015
Share this Post:

The wholesale eviction of all community newspapers and other publications from the San Francisco Public Library's main branch north entrance, along with removal of all the shelving, last month [see the Bay Area Reporter's story, "SF main library removes newspaper shelves," December 25] upset a number of newspaper editors concerned about the action and the lack of public input �" not to speak of patrons who were used to finding the B.A.R. , Central City Extra , and other publications available in quantities for pickup right at the entrance opposite the new Asian Art Museum.

Unfortunately, SFPL has a long history of making decisions without public input, and even making decisions that are contrary to library ethics and what its own surveys and public input solicitations say.

The list of such decisions includes the library's 2012-13 plans to cut back popular evening and weekend open hours for the next five years �" until a Library Users Association education campaign helped stop all but three of at least 44 planned weekly cuts �" and the library's preparation of changes to patron behavior rules that were so extreme that the American Civil Liberties Union wrote the library a detailed, two-page letter of concern last April criticizing, among other things, "draconian" increases in patron suspension times for violations.

Indeed, there is currently an attempt to implement a supposed catalog improvement, BiblioCommons, which includes social media features �" and trashes privacy so badly that city Librarian Luis Herrera is trying to get the Library Commission to gut existing patron privacy protections as a prerequisite to implementation for SFPL patrons.

And there was no public input at all into the plan to implement this �" not a word on Library Commission agendas, or any public notice �" until November 2014.

It was only after sharp public criticism at the December 4, 2014 Library Commission meeting by Library Users Association and two other members of the public, followed by questions from Commissioners Zoe Dunning, John Lee, and Susan Mall, that the truth came out: there was a half-million dollar contract that had already been signed with BiblioCommons. Library Users Association subsequently learned that there had been no competitive bidding, and that the contract had been signed in February 2014. The commission put off voting on changes to the library's privacy policy until the next meeting, scheduled for today (Thursday January 15), at 4:30 p.m., in the Koret Auditorium at the main library, 100 Larkin Street.

To summarize, the planned implementation of BiblioCommons software would (a) create significant privacy breaches for all users of BiblioCommons; (b) would censor patron expression at the sole discretion of the vendor once three users from anywhere among 200 participating libraries "flag" any comment; and (c) would sell patron information to third parties.

As the draft privacy policy presented at the commission's last meeting says: "In contrast to the SFPL registration and circulation record policies for cardholders, library users are hereby advised of a lower threshold for disclosure of a user's personal information and content associated with their BiblioCommons account ..."

Teenage minors at the library (13-17), whose borrowing and other records are currently confidential at SFPL, would be especially hard hit. The BiblioCommons privacy statement says, "Guardians of underage users in the U.S. (BiblioCommons is a Canadian corporation) may make a request to review and alter the personal information collected from their children on this service, or to deactivate their child's BiblioCommons account."

By contrast, the American Library Association's Code of Ethics strongly calls for protecting patron privacy as part of defending a patron's intellectual freedom. "We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted." (Article III.)

"What is your gender, educational level, and ZIP code?" That is an example of questions BiblioCommons would be allowed to ask. "For some services, for example youth and literacy programs, BiblioCommons may also ask you for your ZIP/postal code, education level and gender," according to the company's privacy statement, second page top (PS-2).

And the company is misleading, if not outright deceptive, in its narrow definition of "personal information" that it promises will not be shared or sold �" such as name, birth month and year, email address and the like. But the company says it "may display shared content (such as patron comments about books) or make other commercial uses of shared content. (PS-2).

The assumption here is that shared content is not personal information when, in fact, a username such as PWarfield is clearly identifying. Is it not personal information when a patron with a clearly identifiable username writes a comment saying, "This is a really good book about illegal immigrants (or gays/transgenders/drug users/felons/ballet lovers) �" I know because I am one (or my parents/friends/family are")?

And guess what? Patron expressions are in many cases kept �" and displayed �" permanently. "Messages and chat cannot be deleted or edited once they have been sent. They are logged and archived indefinitely," BiblioCommons says. There's more: "Deleted content is removed from our data bases and inaccessible to other users, but may remain in our data back-up system and in third-party search indexes like Google." (PS-4)

As for censorship, the company has sole discretion to delete any comment that is "flagged by a number of different users �" three at this time. ..." So any three people who don't like a person or comment could completely eliminate their expressions within BiblioCommons. That is a corporate autocracy, run from BiblioCommons in Canada �" not a commonly-owned "commons" where people have a right to free speech under, say, the U.S. Constitution.

The company also appears to restrict potential criticism of itself. Under its terms of use, "All visitors to the BiblioCommons Service agree not to frame the BiblioCommons Service or portion thereof so that the BiblioCommons Service or BiblioCommons Content appears in the same window with a portion of another website." Whatever happened to fair comment, and a website that wants to illustrate a problem with BiblioCommons and would like to show exactly what that website looks like?

Whatever we understand about BiblioCommons today may change tomorrow �" or in five minutes �" with no notice to the patrons. "This privacy statement may change from time to time in response to new laws, or to an evolution in BiblioCommons policies or practices. We encourage you to check this privacy statement from time to time for changes. Your continued use of BiblioCommons after a change will signify your acceptance of the new terms." (PS-5)

The library administration says use of BiblioCommons is a patron "choice" with full notification, and that using the classic catalog would avoid loss of privacy. But we reject the idea that any product as toxic to patron privacy, and as complex as BiblioCommons, should be offered to patrons under any circumstance.

The library needs to be held accountable, and unfortunately the only way to do that now is for members of the public to make themselves heard via letters to the mayor, Board of Supervisors, and Library Commission �" and/or a visit to Library Commission meetings to make public comment.


Peter Warfield is the executive director of Library Users Association, an independent group that works for better libraries for everyone. He can be reached by email at: mailto:[email protected].