Google knows what you’re looking for. Facebook knows what you like. Sharing is the norm, and secrecy is out. But what is the psychological and cultural fallout from the end of privacy? We have come to the end of privacy; our private lives, as our grandparents would have recognised them, have been winnowed away to the realm of the shameful and secret. . . . Insidiously, through small concessions that only mounted up over time, we have signed away rights and privileges that other generations fought for, undermining the very cornerstones of our personalities in the process. While outposts of civilisation fight pyrrhic battles, unplugging themselves from the web—“going dark”—the rest of us have come to accept that the majority of our social, financial and even sexual interactions take place over the internet and that someone, somewhere, whether state, press or corporation, is watching.
—Alex Preston1
In the last years of the twentieth century, I wrote about the mounting fears of invasion of privacy caused by accelerating developments in digital technology. I had seen nothing yet. Those vague fears, that queasy unease were born in a time when we knew nothing of two massive developments in the century yet to come. The events of September 11, 2001, led to the War on Terror and a concomitant expansion of state surveillance, the true dimensions of which are even now only dimly perceived, even after the revelations of WikiLeaks and Snowden. At the same time, large sections of the population became ensorcelled by the twin delights of online purchasing and social media. These two horsemen of the privacy apocalypse offered consumerism and social interaction, each without the tedious and often messy necessities of personal contact. Today’s Internet adds online porn, online gambling, and online “gaming”; so, given a pizza delivery company, anyone can live an entire sort of life in the solitary basement of her choosing. The digital Mephistopheles did not demand your soul in return for their “gifts”—just your privacy.
Many have written and spoken about this Faustian bargain. “Privacy is dead, get over it,” wrote Scott McNealy. “When you get something online free, you are not the consumer, you are the product,” has been attributed to several people, including someone called Andrew Lewis (writing, for reasons known best to himself, as “blue_bottle”). A much more significant person than either, Gabriel García Márquez, told us we all have three lives: a public life, a private life, and a secret life. The public life is open to the world, an environment in which there is no reasonable expectation of privacy. The private life is that which we share with family, those we love, friends, and acquaintances. In olden times, family and lovers were licensed to shrink one’s zone of privacy in negotiation with the individual. With friends and acquaintances, the zone of privacy was much larger. Apparently, there is now no distinction between friends and acquaintances; “friend” has become a verb (quite different from the old verb “to befriend”); and a “friend” is, more often than not, a stranger who may or may not read the individual’s profundities on social media. The secret life used to be the one in which the zone of privacy was very large and often complete. The lines that used to exist between public, private, and secret lives have become blurred, mutable, and, on occasion, nonexistent. Just consider what many people “share” online or in the unreality of “reality television,” and ponder the ways in which the three kinds of lives meld in the online age. The commonly predicted “chip in the brain” will complete the process and abolish the very concept of privacy.2 Worse, the private and secret lives are the places in which the keenest psychological insights and literature originate—and where will we be without those? While we wait for the brain chips to arrive, let us consider the privacy that we may already have lost in McNealy World.
The word “private” is defined as “belonging to, or concerning, an individual; personal; one’s own.”3 Private things, therefore, belong to the individual; they are her personal property. In a free society, the things that belong to you legally are inalienable and cannot be removed or interfered with without your permission. We all need privacy (a word rarely encountered before the sixteenth century) in a spatial sense and an informational sense. Our spatial privacy gives us the right to be alone, to associate only with those with whom we choose to associate, and to be free from surveillance. Our informational privacy is the right to control personal information and to hold our retrieval and use of information and recorded knowledge to ourselves, without such use being monitored by others. We also have the privacy that is embodied in the term “private property”—those things that we own, which include intangible, intellectual private property. The rights to privacy that once seemed so obvious to us in our daily lives have never been legally guaranteed in all cases or practically achievable.
Technology is neither good nor bad in and of itself. Technological advance may contribute to societal progress or may be a detriment to society; those advances may be both (just think of advances in fertility medicine in a world that contains more than seven billion people) or may be neutral. It is a natural human tendency to personalize both technology in general and specific applications of technology. For instance, the mental enslavement of many in the developed countries by the handheld devices we used to call telephones is a popular subject for cartoons and comedians. Those same devices have been a boon in many developing countries, facilitating commerce and communications in many positive ways. The truth is that, though the sight of a couple in a restaurant bent over their tiny screens in silence is some combination of risible and intensely sad, it is not the technology that is at fault; it is our shortcomings as human beings. Similarly, it is not the devices that create good things in Cambodia or Rwanda; it is the scope they give for human creativity and ingenuity to flower. The human use and misuse of technology arouses the emotions, and it is the human use and misuse of technology that we should observe, study, and seek to profit from the good and avoid the bad.
It seems that almost every advance in technology exacts a counterbalancing price or detriment. There is no such thing as a free technological improvement. One of the most obvious prices that we are all paying is the actual and potential erosion of privacy caused by the compilation of, and easy access to, large and complex databases resulting from our interaction with commercial, governmental, and other institutions. The latter, of course, include transactions between libraries and library users and transactions that take place in libraries. Here are words to make us wary: “Every keystroke can be monitored. And computers never forget.”4 The same article quotes Marc Rotenberg, director of the Electronic Privacy Information Center:
With the new online services, we’re all excited that this is going to be our window on the world, to movies, to consumer services, for talking with our friends. The reality is that this may be a window looking in.
The point is that it is not technology that is the enemy of privacy but our joyful, unheeding use of technology. We give away something of ourselves each time we engage in online transactions. One might wish it were not so, but the inescapable fact is that many of us are willing to trade privacy for convenience and allow commercial concerns to build and profit from huge databases built on that bargain. Most people worry about the security of their credit cards and bank accounts, and reputable providers of services take steps to ensure that security. Many people worry about potential governmental and commercial abuse of the information we are required to supply by law or in pursuit of a commercial transaction. Though these are real concerns, there is a wider picture that goes beyond the economic and governmental. We live more and more of our lives online, and the accumulations of data about us grow ever larger while there is an ever-increasing ability to retrieve and manipulate that data speedily. We are coming to see that the history of society is cyclical and that cyberspace is coming to resemble nothing as much as a medieval village—a place in which privacy was unknown.
Digital technology is now the indispensable vehicle of the relationship between individuals and their government and between individuals and commercial concerns. It also dominates and shapes an increasing amount of social interactions. We are right in being concerned about the integrity of our personal data and should support efforts by governments and others to devise regulations and codes that limit (but can never eliminate) incursions on that data. As long ago as 1973, the Department of Health, Education, and Welfare issued a code on personal data systems based on the following (paraphrased) principles:
• There should be no secret record-keeping systems.
• Individuals should have access to their own records.
• Individuals should be able to prevent data gathered for one purpose from being used for another.
• Individuals should be able to correct or amend their own records.
• Organizations collecting personal data must ensure its reliability and prevent misuse.5
Those decades-old principles still hold true in a very different world. They are even more difficult to enforce today than they were then, but they do provide the basis for humane and responsible collection and retention of personal data.
An application of these general principles to an important area of privacy can be found in the Health Insurance Portability & Accountability Act (HIPAA)6 and in the HIPAA Privacy Rules issued by the Department of Health & Human Services.7 The Act and the Rule are designed to “assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being.” A balance is struck that permits important uses of information, while protecting the privacy of people who seek care and healing. This illustrates an important tension between the privacy rights of the individual and the need for any system, great and small, to have a free flow of relevant information.
Privacy emerged as a social issue in the eighteenth century. Before then, people—even rich and powerful people—lived open lives because of the nature of society and the buildings in which they lived. Most people lived, ate, slept, played, and so on communally. Even more important with respect to privacy, there was little or no distinction between domestic life and work life. Reading and copying, for example, were communal activities in the Middle Ages. The concept of privacy and the solitary life of the mind came when communities and extended families gave way to nuclear families with houses with solid walls that contained separate rooms and were situated on private land. In the eighteenth and most of the nineteenth centuries, such houses belonged to the wealthy. Even then, communities persisted in the cohabitation of families and their servants. It was not until the twentieth century that the opportunity for privacy was available to the less well-off in Europe and North America. The important changes in the ways in which people lived and worked—notably the physical and psychological separation of work and “private life”—created a hunger for privacy that has been extended and asserted in a number of steps over the decades. One very important step was the publication of a paper by future Supreme Court Justice Louis Brandeis and a colleague arguing “the right to be let alone.”8 That influential paper (from more than one hundred years ago) was spurred by fears of the intrusive capability of then new technologies—cameras, tabloid newspapers, telephones, and the like. Later, when on the Supreme Court, Brandeis was to argue that wiretapping telephones was the equivalent of opening sealed letters.9 In the United States, the legal definition of privacy has evolved slowly in the years since Brandeis’s plea for privacy. The important Supreme Court case Griswold v. Connecticut (which said that a right to privacy implicitly, but not explicitly, contained in the US Constitution, underlies the right of married couples to use birth control) was decided only in 1965.10 There are those who say that Roe v. Wade—the most famous case decided on the basis of an inherent constitutional right to privacy—is constitutionally flawed for that very reason. In other words, they believe that the Constitution protects only that which it lists explicitly. One could not possibly underestimate the effect on American society of an acceptance and application of that extremist view.
There is a considerable body of opinion among constitutional lawyers and philosophers that the US Constitution was framed on the basis of natural law and natural rights that are inherent in an ordered society.11 Given that is so, it is not difficult to see that the Constitution is capable of interpretation that goes beyond the exact words of that document to place natural rights in a modern context. Privacy is, of course, one of the natural rights that has been understood since at least the late eighteenth century. Privacy has been a matter of great weight to the individual and to society as a whole for more than two hundred years, but the right to privacy is nowhere near as entrenched in law and constitutional thinking as most people believe it to be.
Privacy remained a hot political, legal, and societal issue throughout the twentieth century and, in one form or another, is still fought over today. All social movements have been combated by—among other things—invasions of privacy. All the protagonists of the women’s movement, the fight for racial equality, the struggle for literary and artistic free expression, and other such movements have been subject to surveillance and intrusion by governmental and other compilers of dossiers on private lives. It is common knowledge that such outrages still exist, but it would be cynical to ignore the advances in privacy contained in the law. That being said, unless we restrain the effects of technology, those hard-won legal rights are in danger of being vitiated by societal forces that cannot be controlled by law.
Technology—in the form of vast records of online transactions of all kinds and the possibility of searching and retrieving personal data from those databases—is morally neutral. As noted before, people can use this technology for good or ill—for their own profit or in service of humanity. Our privacy is invaded daily; the task is to ensure those invasions are controlled and have benign outcomes. We have clear opportunities and dangers and should work to take advantage of the opportunities and reduce the dangers. Columbia University professor Alan Westin published a list of important trends in the protection of privacy.12 Those trends include the following:
• Personal information will be owned jointly by individuals and institutions.
• Institutions may use personal data only with the consent of the individuals.
• Collectors of personal data will issue privacy codes.
• Storage and use of personal data will be regulated.
• Theft and misuse of personal data will be criminalized.
• A federal agency dedicated to the protection of privacy will be established.
Many of Professor Westin’s forecasts have proved to be accurate, in theory if not always in practice. One of them (the last) has not been realized. It is difficult to see a federal agency of the kind that he envisages being established, not least because of the American distaste for central government oversight of personal matters. What has happened is the establishment of a patchwork of ever-changing mixture of legislation, government regulation, and self-regulation. (Good examples of the latter are the various ALA policies and statements on privacy.)
A number of US federal agencies are actively involved in privacy issues. They include the Departments of Commerce, Health and Human Services, and Labor; the Federal Communications Commission; and the Federal Telecommunications Commission—each addressing medical, financial, telecommunications, Internet, and so on privacy issues in a largely uncoordinated manner. A list created in 2005 listed the following federal privacy laws:13
• Federal Trade Commission Act (1914)
• Freedom of Information Act (1966)
• Fair Credit Reporting Act (1970)
• Privacy Act (1974)
• Family Educational Rights and Privacy Act (1974)
• Foreign Intelligence Surveillance Act (1978)
• Right to Financial Privacy Act (1978)
• Privacy Protection Act (1980)
• Cable Communications Policy Act (1984)
• Electronic Communications Privacy Act (1986)
• Video Privacy Protection Act (1988)
• Employee Polygraph Protection Act (1988)
• Telephone Consumer Protection Act (1991)
• Driver’s Privacy Protection Act (1994)
• Health Insurance Portability and Accountability Act (1996)
• Telecommunications Act (1996)
• Children’s Online Privacy Protection Act (1998)
• Financial Modernization Services Act (1999)
• USA Patriot Act (2001)
All these are complemented by a host of regulations, court decisions, state laws, local ordinances, and pending legislation. Outside the circle of governmental action at all levels, there are many voluntary agreements between and within public sector entities (including ALA and other library organizations). It is obvious that this is a multifaceted problem—one that affects us all to a greater or lesser extent—and that it is, at best, being addressed in a haphazard and uncoordinated manner.
The complexity of the American approach is in stark contrast to the approach of the European Union, which has issued a Directive on Data Protection (effective October 25, 1998) that is binding on all members of the EU. The Directive is being revised to “strengthen online privacy rights and boost Europe’s digital economy.”14 The proposed revision is because
the 27 EU Member States have implemented the 1995 rules differently, resulting in divergences in enforcement. A single law will do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year. The initiative will help reinforce consumer confidence in online services, providing a much needed boost to growth, jobs and innovation in Europe.
The starkly different approach in the United States means that there is no one agency and no single body of law that mirrors the EU’s legal requirements, a problem in a world of globalized trade and constant interaction between the two systems. In the words of the US Department of Commerce: “While the United States and the EU share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the EU. In order to bridge these differences in approach and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a “Safe Harbor” framework and this website to provide the information an organization would need to evaluate—and then join—the U.S.-EU Safe Harbor program.”15 The principles on which that program is based echo some of Professor Westin’s 1992 provisions.16 In summary, the Commerce Department’s principles are:
Notice. An organization collecting personal data must inform the individuals involved of what they are doing and their rights.
Choice. Individuals must be able to opt out of their data being transmitted to third parties.
Onward transmission. Personal data can be transmitted only to third parties that subscribe to privacy protection.
Security. Organizations collecting personal data must hold them secure against misuse, disclosure, destruction, and so on.
Data integrity. Personal data may be used only for the purposes for which they were collected.
Access. Individuals must have reasonable access to the data that have been collected about them.
Enforcement. There must be mechanisms (governmental or private) to ensure compliance with privacy principles. Those mechanisms must include recourse for individuals whose data have been misused, follow-up procedures to ensure remedies are being applied, and sanctions against organizations that violate personal privacy rights.
Given the increase in online transactions of all kinds, the great commercial value of personal data databases, and the increase in digital technology capabilities, it is inevitable that privacy will continue to be a major issue and one that is increasingly subject to government regulation and private sector codes and compacts.
There is a world of difference between the passive accumulation of anonymized personal data for a variety of legitimate purposes and the deliberate, active invasion of privacy. The former has potential for abuse; the latter is abuse. To my mind, one of the greatest scandals afflicting the political culture today is the wholesale and largely successful attack on the right to privacy. This is the world of 1984, the world of mind control, the world of mental totalitarianism. The confidentiality of library records and the confidentiality of the use of library resources are not the most sensational weapons in the fight for privacy, but they are important, both on practical and moral grounds.
In practical terms, much of the relationship between a library and its patrons is based on trust, and, in a free society, a library user should be secure in trusting us not to reveal and not to cause to be revealed which resources are being used and by whom. On moral grounds, we must begin with the premise that everyone is entitled to freedom of access, freedom to read texts and view images, and freedom of thought and expression. None of those freedoms can survive in an atmosphere in which library use is monitored and individual library use patterns are made known to anyone without permission. It is very important that all libraries follow a policy that ensures privacy and that they take steps to educate everyone in the library about that policy. In this context, we should always remember that most people in most libraries today interact with library staff, volunteers, and student assistants far more than with librarians. Knowing this, a library with a privacy policy that is not communicated effectively and completely to all who work in the library is just as bad as one with no policy at all.
For all their faults, preautomated systems were far better at preserving the privacy of circulation and use records than are their automated successors. Old readers may remember systems in which a book card and a user’s card were matched for the time and only for the time that the book was borrowed. Once returned, the two cards were separated, and there was no trace of the transaction ever having taken place. Now, our systems will preserve all circulation and use records unless they are programmed not to do so. Most library systems are set to delete user information after the materials are returned or the use is complete, but how difficult would it be for a skilled person to restore those “deleted” records? It seems that digital records are forever—if one has the skill, the desire, and the time to retrieve them. In addition, many systems choose to maintain a record of the last borrower (for convenience if a returned item is found to have been damaged or mutilated)—a small but significant invasion of privacy. Libraries serve communities, and communities breed gossip, nosiness, and prurience. Those who enjoy such things can easily find out who in their community has been reading about divorce, murder, diseases, dieting, dyslexia, and sexual variations. Is such a potential invasion of privacy worth the ability to track down library vandals?
One technological innovation that is actually assisting the right to privacy is the “self-check” device. This machine enables the user to check out library materials and gain access to other services on her own. I am not aware of any studies on the circulation patterns of self-check users as opposed to those who take their materials to a circulation desk. However, it would seem reasonable to assume that a library user with access to open shelves might feel freer to borrow “controversial” materials if assured that no one would see what she was borrowing. If this is true, such materials would go far beyond the obvious suspects—sexual content and so on—and extend to, for example, materials on diseases, English professors reading Danielle Steele books, “happily married” people reading materials on divorce, and cinéastes streaming Adam Sandler films. The self-check machine, invented to speed the circulation process, may well be a signal contribution to the library right to privacy.
I have noted before that there is a serious problem of disparity of access to digital resources. Bromides about “everyone” being online and the ubiquity of online access ignore the facts that ethnic minorities, lower socioeconomic groups, vast populations in the developing world, people living with intellectual and physical disabilities, and rural populations in the developed world lack access to the full range of digital services and, hence, are at an economic, educational, and societal disadvantage. The figures on the digital divide vary from one survey to another, but no one disputes the existence of that gap. The public library is in a position to compensate for that gap (as are academic libraries, particularly state-supported institutions in communities that contain a significant number of the disadvantaged) by supplying free access and guidance in using that access. This means that the question of privacy and confidentiality is an ineluctable and important issue for libraries—like it or not. We provide online access because we believe in giving access to all materials, but this particular case is so important because we are providing access to a vital part of modern life. If we are to come to terms with a society in which computer skills are highly esteemed and rewarded, and if we are to give access to modern communications to those who would otherwise be shut out, we will have to deal with the many consequences of that service. Privacy rights, intellectual freedom rights, parental rights, and other issues attached to Internet access are there and have to be confronted.
There are many age-old problems connected with library privacy, but online resources and digital systems have introduced new dimensions to the struggle for confidentiality. Anyone who wishes can monitor the use of online journals, find out who gains access to which web pages and who has downloaded what, create vast caches of information on sites visited and resources consulted, and do a myriad other things. You do not have to be paranoid to wonder a little, the next time you key in your name, address, and other details when ordering an item or service, about the uses to which those data may be put. Amazon, Facebook, Google, and the rest of the unaccountable lords of Big Technology accumulate vast amounts of individualized personal data for commercial purposes. One would have to be very naïve not to understand that data is open to major violations of individual privacy.
Invasions of privacy are often done with good intentions, but everyone knows which road is paved with those. In the electronic arena, users and librarians have to act to mitigate invasions of privacy and to be always alert to the possibilities for snooping and more sinister uses of data about personal use of digital resources. Given this state of affairs, it behooves us to work even harder to preserve confidentiality at least in the area in which we work. Librarians should never agree to the loss of privacy and should work hard to preserve the privacy of the individual by enunciating principles, creating policies, and putting them into action. We need to develop more detailed privacy codes that are flexible enough to cover all kinds of library use in a rapidly changing technological environment.
In June 2014, the American Library Association issued an interpretation of its Library Bill of Rights that addresses privacy in very broad terms and provides what is, essentially, an overview of the issues and an ethical framework for library policies rather than specific practical steps to be taken.17 For instance, the interpretation states that “Users have the right to be informed what [sic] policies and procedures govern the amount and retention of personally identifiable information, why that information is necessary for the library, and what the user can do to maintain his or her privacy. Library users expect and in many places have a legal right to have their information protected and kept private and confidential by anyone with direct or indirect access to that information.” Because of this necessary level of generality, a library formulating a privacy policy should not look to this document for the details of such a policy. That said, the document does provide a useful beginning and the following conceptual bases for a policy.
• Each library should relate its policy to the needs of its own community and the environment in which it operates.
• Library users have a right to confidentiality and privacy. The rights apply to minors as well as adults.
The latter point is central to ALA’s stance on “filtering” (the attempt to block “undesirable” digital resources by programs) in that, because minors are entitled to the same rights as adults, there is no excuse for depriving adults of access to information deemed “harmful” to minors by would-be censors. Some public libraries have sought to square this circle by using filters on most public terminals and setting aside “unfiltered” terminals for use by adults and minors with parental permission. This is a serious invasion of privacy in that no one should be forced to identify herself or himself in order to use certain marked terminals to gain access to digital resources.
The first step in formulating a privacy policy for libraries in the light of the ALA principles is to define the many issues that center on privacy. In essence, the library has to answer the following questions:
1. Are records of library use always confidential?
2. Is the right to privacy different for different media?
3. Does the age or the status of a library user affect privacy?
4. Have all library users the right to access to all forms of information and recorded knowledge?
5. Under which circumstances can privacy be abridged?
6. How far must the library go to ensure privacy?
7. What are the privacy issues arising from libraries supplying newly introduced services, such as 3-D printing and videogaming?
Let me translate each of these questions into concrete (and actual) examples and essay some answers.
1. Can law enforcement officers have access to records of library use?
A: Those records should be made available only on production of a subpoena.
2. Does the right to privacy on the use of tangible library resources extend to use of digital resources?
A: Yes, and any automatic tracking of use should be deleted or anonymized and aggregated so that details of individual use are lost. It is acceptable, indeed recommended, that library use data be aggregated so that statistics on the use of the library by classes of persons (children, graduate students, etc.) can be retained and analyzed, even though the use patterns of individuals are erased.
3. Is a parent entitled to know about her child’s library use? Is a college professor entitled to know her students’ library use (of, say, reserve materials)?
A: The first question is tricky, but a parent is not entitled to access to library records to gain knowledge of that child’s library use. The library is neither a child’s guardian nor a monitor, and parents should gain their knowledge about their children’s reading and online habits from the children in an atmosphere of mutual respect. The second question is easy. No.
4. Can any user of the library use any library materials and resources (including sequestered collections and the like) in privacy and without supervision?
A: Libraries have often kept collections of controversial materials in supervised places for reasons of security (it should never be for reasons of morality). Access to those collections should be as freely available to all users as possible. The only reason for monitoring library computer use is in cases when a time limitation is imposed because demand for access exceeds supply.
5. If a children’s or school library holds a reading competition, can it publish the list of books read by the winners?
A: Yes, but only with the permission of the winners themselves. This illustrates the point that mutual consent is a necessary precondition of any breach of the confidentiality compact between the library and its users, even for benign reasons.
6. Should a library install barriers, screens, and the like or special furniture (even if they involve significant expense) to ensure that only the person using online resources can see what he is viewing or reading?
A: Yes. Just as a library user can read any library book without others knowing what he is reading, that library user should also be given reasonable accommodation to ensure privacy of online use.
7. Do such new library services as the provision of maker spaces, 3-D printers, and video-gaming pose privacy problems? Are the library user’s expectations of privacy different for such new services?
A: Yes, but users of such services have the same rights to privacy as the users of more established services. In addition, the library adding a new function may be opening itself up to new challenges. For example, there is a growing use of library spaces and amenities as “offices” for the self-employed. See, for example: “For the growing ranks of freelancers whose alternatives range from a cramped corner of their bedroom to a $500-a-month, private coworking space, the new library work zones are a boon. Decked out with fast Internet, 3-D printers, meeting rooms, whiteboards, and plenty of space to spread out, they’re much better suited to getting work done than jostling for counter space at a noisy coffee shop.”18
Supplementary question: Is the library, so used, responsible for safeguarding the privacy of the freelancers?
A: Library privacy plans should be built on a combination of principle (the natural law right to privacy) and experience (the case studies that illuminate and exemplify a principle in changing and different circumstances). The example of law enforcement access to library records is a perfect example of principle and experience in balance. The principle is that library records are confidential. Experience and the greater good of society tell us that confidentiality can be breached if—and only if—a formal legal instrument, such as a subpoena, is invoked and produced. Some years ago, FBI agents interrogated a number of academic librarians about the reading habits of foreign scientists working in this country. Quite properly, librarians were not awed by the flashing of a badge and, in almost all cases, refused to answer such questions in the absence of a proper instrument of authority.
As can be seen from the preceding questions and answers, privacy and confidentiality issues are more complicated today. The environment in which we live is one of a diverse and unplanned complex of laws, regulations, regulatory bodies, and private practices. All the more reason why libraries, and everyone who works in them, should be alert to the right to privacy and the policies that ensure that right is assured. Before digital and other technologies had the major impact on libraries that we see today, privacy and confidentiality of library records and personal data on library users were relatively simple affairs. We now live in a world in which many issues connected with cyberspace are “hot” and are affected by political and religious views. Our privacy codes need to be updated so that we can deal with modern circumstances without ever compromising our core commitment to privacy as an important part of the bond of trust between libraries and library users. That bond of trust is a precious thing and one that we should do our best to preserve. In the face of the technological change, it is more than ever important to preserve human values and human trust so that we can demonstrate that we are, above all, on the side of the library user and that user’s right to live a private life.
Notes
1. Preston, Alex. “The death of privacy.” The observer [London] (August 3, 2014). www.theguardian.com/world/2014/aug/03/internet-death-privacy-google-facebook-alex-preston (consulted November 11, 2014).
2. See, among many others: McGee, Ellen M. and Maguire, G. Q. Jr. “Ethical assessment of implantable brain chips.” Paideia archive. www.bu.edu/wcp/Papers/Bioe/BioeMcGe.htm (consulted August 5, 2014). Scott-Curran, Stewart and Lampe, Tim. “Smartphone of the future will be in your brain.” CNN Reports (October 12, 2012). http://edition.cnn.com/2012/10/05/opinion/curran-lampe-mobile-phones/index.html (consulted August 5, 2014).
3. Webster’s Collegiate dictionary.
4. McGrath, Peter. “Info ‘snooper highway.’” Newsweek, volume 125, number 9 (February 27, 1995) pages 60—61.
5. Department of Health, Education, and Welfare. Secretary’s Advisory Committee on Automated Personal Data Systems. Records, computers, and the rights of citizens. Washington, DC: GPO, 1973.
6. US Public Law 104-191. August 1996.
7. US Department of Health and Human Services. “Summary of the HIPPA privacy rule.” www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html (consulted August 11, 2014).
8. Brandeis, Louis and Warren, Samuel. “The right to privacy.” Harvard law review (1890).
9. Cited in: Tuerkheimer, Frank M. “The underpinnings of privacy protection.” Communications of the ACM, volume 36, number 8 (August 1993) pages 69–73.
10. Griswold v. Connecticut, 381 U.S. 479 (1965).
11. See, for example: Clinton, R. L. God and man in the law: the foundations of Anglo-American constitutionalism. Lawrence, Kansas: University Press of Kansas, 1997.
12. Abstracted in Schroeder, Deborah. “A private future.” American demographics, volume 14, number 8 (August 1992) page 19; Privacy Exchange. “National Sector Laws.” www.privacyexchange.org/legal/nat/sect/natsector.html (last updated March 27, 2003; consulted August 11, 2014).
13. University of Miami Miller School of Medicine. “Privacy/data protection project: US federal privacy laws.” http://privacy.med.miami.edu/glossary/xd_us_privacy_law.htm (last updated May 11, 2005; consulted August 11, 2014).
14. European Commission. “Commission proposes a comprehensive reform of the data protection rules” (January 25, 2012). http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm (consulted August 13, 2014).
15. US Department of Commerce. “Safe Harbor.” www.export.gov/safeharbor/ (consulted August 12, 2014).
16. US Department of Commerce. “Safe Harbor privacy principles” (July 21, 2000). http://export.gov/safeharbor/eu/eg_main_018475.asp (consulted August 12, 2014)
17. American Library Association. “An interpretation of the Library Bill of Rights.” www.ala.org/advocacy/intfreedom/librarybill/interpretations/privacy (consulted August 12, 2014).
18. Hamilton, Anita. “The public library wants to be your office.” Fast company (August 8, 2014). www.fastcompany.com/3034143/the-public-library-wants-to-be-your-office (consulted August 13, 2014).