Adobe has made it extremely easy for unwanted eyes to read over the shoulders of library patrons. Earlier this month reports surfaced about how Adobe’s Digital Editions e-book software collects and transmits information about readers in plain text.* That insecure transmission allows the government, corporations, or potential hackers to intercept information about patron reading habits, including book title, author, publisher, subject, description, and every page read.
But the Adobe scandal is just the tip of the iceberg. Libraries sign contracts with technology companies to bring services to patrons all the time, and those contracts are not always favorable to library patrons. Whether it’s an agreement with an ISP to provide the library with Internet access, the publisher of a database of scholarly articles and primary source documents, or a children’s educational game vendor, these contracts are both commonplace and a relatively new development.
But problems arise when those contracts allow vendors to collect large amounts of user information, especially where, as we’ve seen recently, companies don’t always handle that information responsibly.
Libraries have long voiced a deep commitment to privacy in the digital age. In 2006 the American Library Association even issued a resolution on the Retention of Library Usage Records, which expressly urges libraries to avoid unnecessary collection and retention of personally identifiable data, and to transmit any such data over a secure protocol. However, all of this privacy-consciousness may be displaced when libraries are pressured to outsource user services to third parties that have different and inconsistent values.
And that pressure is mounting. Since the last financial crisis, library funding has been under attack. Indeed, in Camden, New Jersey, city officials actually proposed destroying library books. Yet that same crisis means library information services are in sharp demand. People who need to find jobs in a bad economy and can’t afford the steep cost of home Internet rely on libraries for information access, job searches, and email. Meanwhile, upper-middle-class patrons and library donors, less affected by the recession, are asking for library e-books and other digital services.
Facing the existential threat of closure and rumors of irrelevance, many library systems have invested in a digital update—which has led them to sign contracts with technology vendors. Unfortunately, the privacy policies and practices of these vendors aren’t always focused on protecting user data.
For example, nearly every library that purchases e-books has been buying from OverDrive, a company that imposes restrictive digital locks on media. The publishers working with OverDrive charge libraries exorbitant licensing fees, sometimes as much as three times the cost of a retail e-book.* Today, OverDrive dominates the library e-book market, operating in more than 30,000 libraries worldwide, often as the only e-book service.* Adobe Digital Editions is the software that makes OverDrive e-books “work” on certain devices—that is, it operates the digital locks (commonly known as digital rights management, or DRM) on electronic media used to restrict sharing and interoperability.
But Adobe isn’t the only company whose relationship with libraries deserves scrutiny. Amazon also collects sensitive patron information. When you check out a library e-book for Amazon Kindle, you complete the transaction with your Amazon account. Amazon then keeps a list of the library e-book titles checked out, with no option to “opt out” of this data collection—in addition to the other personally identifiable information Amazon collects with cookies. This means that Amazon can build a dossier on individuals’ reading habits and can potentially use that data in undisclosed ways. (We emailed Amazon asking for clarification on this issue, but they did not respond.)
And that’s not the worst of it. Before a Kindle loan expires, Amazon sends you an email warning that the lending period is almost over—and suggesting you purchase the e-book. In other words, your library usage is Amazon’s selling opportunity.
To be clear, libraries strive to protect privacy. Most libraries offer guest passes that aren’t linked to any account, and still more libraries wipe all session data from public library computers, including third-party cookies. And libraries rarely keep records of media borrowed. These measures help to ensure that users can research even the most controversial topics without fear of becoming suspicious to law enforcement.
But if digital library resources are available only via companies that collect user data, it’s easy for government agencies to simply get that information from vendors.
State library-led digital e-book lending platforms, and local initiatives like the ones in Colorado and Massachusetts, are helping librarians protect user privacy and serve up open content that’s interoperable with all devices. Readers and librarians who care about privacy should be calling for similar initiatives at home.
Additionally, library users should insist that that patron privacy needs to come first in all vendor agreements. These agreements should be in line with ALA’s Library Bill of Rights, Core Values of Librarianship, and Data Retention Policy, as well as with individual library privacy policies.
Librarians want to protect their patrons. It’s time for readers to back them up.
Disclosure: April Glaser is an employee of the Electronic Frontier Foundation, a digital civil liberties organization that has long studied and tracked the issue of privacy in relation to libraries.
*Correction, Oct. 20, 2014: This post originally misstated that reports of privacy concerns over Adobe’s Digital Editions e-book software arose last week.
*Correction, Oct. 24, 2014: This post originally misstated that OverDrive sets the fees libraries pay for e-books; publishers set these fees, though they are paid to OverDrive. The piece also said that OverDrive has a monopoly on the library e-book market; it dominates that market but is not a monopoly. Finally, it incorrectly said that OverDrive works with more than 30,000 libraries nationwide; that number is worldwide.