Volume 10, July 27, 2000
"Security vs. Anonymity"
by Virginia Rezmierski, Director of Policy Development & Education, University of Michigan and Aline Soules, Director of Kresge Business Administration Library, University of Michigan, EDUCAUSE Review, March/April 2000, p. 22
"As technology expands the way we operate in the electronic environments of colleges and universities—and provides us with new tools for teaching, learning, and research—important ethical issues concerning privacy arise." (p. 22) "One such issue is whether to require authentication for a user to access electronic resources within a campus environment." (p. 22) "Librarians have long been among the staunchest defenders of First Amendment rights. They care deeply about, and feel responsible for, protecting user privacy and providing access to uncensored information in a manner that is as barrier-free as possible." (p. 24) "Security professionals also carry obligations and responsibilities. They are charted with protecting the electronic systems and networks from unauthorized access, abuse, disruption, tampering, and failure. They are responsible for ensuring that the intellectual property of faculty and students in their communities is protected against unauthorized access or modification. They are accountable for protecting systems against overload and misuse." (p. 24)
"In most states, state laws protect the privacy of users by prohibiting the release of library lending information to third parties. In Michigan, there is further protection of this information, even from disclosure under the Freedom of Information Act (FOIA)." (p. 24) "Security professionals also support privacy of lending records but argue for user authentication when accessing a network." (p. 24) "…differing values and responsibilities of librarians and security professionals can lead to distrust between the two groups. When librarians hear security professionals explain how a hacker can be traced through the networks, they fear for their users and the privacy that they value so highly. When security professionals hear librarians talk about the low rate of abuses in the library, they conclude that librarians are unaware of the severity of the problem and fear for the security that they value so highly." (p. 25) "In addition, the different work environments of the two groups may add to this distrust." (p. 26) "There is a considerable difference between the measured, methodical approach of libraries and the experimental, risk-management approach of systems." (p. 26)
"In a recent meeting of state universities and law enforcement personnel, representatives were asked for examples of electronic threats occurring on their campuses. All campus representatives noted that they had seen an increase in such activity, in the form of direct threats to individuals, bomb threats, and other threats to institutional facilities." (p. 26) "Security professionals know about and have experience with such activity. Librarians, on the other hand, do not generally hear about these incidents within electronic environments." (p. 26) "The crux of the conflict between librarians and security professionals arises most clearly when library collections and other resources are placed on networks. For librarians, networked resources are part of basic library holdings. Only the format has changed. The holdings have expanded and are now located in different places. Access should have no more barriers than are required for any other type of information. Security professionals, however, point out that these are not the only information collections or services available through the network. Once a user gains access through an unauthenticated library machine, the user may be able to access any number of resources on the campus, resources that are underprotected and that are unassociated with library holdings." (p. 27)
"Both librarians and security professionals are concerned, in very different ways, about privacy and the protection of the individual." (p. 28) For a policy to be effective in guiding community behaviors, it must reflect the full range of the community’s values, must be understood and embraced by community members, and must reinforce the most important values and the mission of the institution as a whole." (p. 28) "For any process to be successful, communication must be open and continuous. The parties involved must keep talking, keep listening, and keep questioning. This is particularly true when there are different responsibilities and values, distrust, different experiences and language, different logistics, and incomplete knowledge about technology." (p. 28)
Library and Instructional Services
1201 S. State Street
Big Rapids, Michigan 49307-2279
(231) 591-3602