One of the confounders thrown at privacy advocates inside and outside libraries is “privacy is too nebulous a concept to operationalize!” I’m sympathetic to a point, because the philosophers and the ethicists and the lawyers and the coders have made rather a tangled mess of things, but frankly in my head I call this confounder an “ethics smell” (after programmers’ “code smell,” which is a hint somewhere in otherwise-working code that something in the program’s design or construction is very, very wrong). It’s a cheap excuse anyone can use to pretend privacy doesn’t actually matter and shouldn’t be a consideration. We who value privacy are still stuck answering this smelly objection, though, so how do we usefully do that?
In some library conference talks I’ve done, I’ve groped toward a formulation I’m now calling “physical-equivalent privacy.” That is, if we wouldn’t track a print book, or a person using the physical library, in a particular way, the digital analogue to that tracking behavior is also not okay. Put more formally, “the library patron using library-provided electronic information should enjoy privacy protection equal to that of the same patron using the same information via a library-provided physical information carrier.” This is not a perfect analogy, let me just state that up-front—physical surveillance is also ramping up in all too many contexts, even in libraries—but it productively tickles most folks’ sense of what’s creepy, and I think it also activates a lot of tacit operational-privacy knowledge in librarianship.
Let’s walk through an example: usage counting for spaces. Physical first.
- Gate counts, or a count clicker? Not terribly creepy.
- Counts by a person walking through the library? A little creepy, but the creepy factor can be managed through a clear explanation (“we’re only counting, not recording anything else about anybody”).
- Counts that record possibly-visually-assessable demographic information (let’s say gender, race/ethnicity, and socioeconomic status) about patrons? Decidedly creepy, especially for patrons of already-oversurveilled populations, as well as quite prone to inaccuracy—one wouldn’t want to predicate services on such an assessment if one has the common sense of an oyster. Nor would one care to explain this practice to patrons, because not a few patrons (self included!) would flee the library for good.
- Counts by a person who asks each patron about their demographic information? Highly, highly creepy—we’ve definitely arrived at “scary” now, if we hadn’t already.
- Counts by a person who asks each person their name or library-card barcode number? So scary that the library would likely empty out.
- Combining either of the last two with recording the library material that the patron is reading, watching, or listening to? Absolutely beyond the pale; I would expect huge protests from patrons, working professionals, and professional orgs.
- Combining demographic information, name or other identifier, and materials choice? Ugh, just forget it—that’s utterly beyond scary into full Orwell.
You may have noticed that I left video surveillance out of the above list. You’re right; I did, and consciously so. Some people feel safer in the presence of video surveillance. I think they’re very often wrong to! But that still means I can’t usefully invoke video surveillance to tickle folks’ creepy meter, because it won’t always work as I’d intend it to. Audio surveillance might be an effective creepy-meter tickler, though, and it is salient in the context of voice-activated mobile phones and other devices.
Your sense of creepitude may differ from mine, but if you’re a librarian, I’d guess we’re fairly close together. (Caveats: some librarians don’t understand or believe that children also need and deserve information privacy, and some librarians have been utterly seduced by surveillance capitalism and its cousins “analytics,” “library value,” and “personalization.”) So let’s take that sense of creepy and apply it to digital analogues.
- Gate counts? Analogous to unadorned usage counts—and I do mean “unadorned,” no IP addresses, no login information, minimal to no geolocation, exact time fuzzed at least to hour. Not particularly creepy in and of itself, but I might argue that the persistence of this information, and lack of disclosure about where else it will go and how it will be used, starts to get just a little creepy.
- Counts by a person walking through the library? Hm. Let’s call it a person looking at the above unadorned usage counts. Not creepy—but also not visible to patrons in a way that begs to be explained to them. One important factor in creepiness is “doing something to/about me without my knowledge, much less agreement.” This fuels the often-researched observation that people get less comfortable with digital surveillance the more they find out about it.
- Counts that record demographic information? In academic libraries, this can take the form of correlating library and library-materials use with information from the institutional student-records office. A lot of learning analytics projects have done this, not thinking anything of it. It’s certainly more accurate than the impressionistic physical version, but does that really cut the creepy any? As for public libraries, this is what customer-relationship-management tools like OCLC Wise, currently being heavily flogged at conferences, run on. It’s hella creepy in my book, and it’s noticeably less privacy than a patron using the physical library and physical library materials has. Not okay. Not okay!
- Counts by a person who asks each patron about their demographic information? Same as above, really, except again, the “ask” part is missing. Learning analytics researchers slice and dice the data by demographic regularly, even when the numbers end up so small as to be wholly ungeneralizable—but highly reidentifiable. It’s creepy. It’s wrong. When the end goal is “personalization”—that is, a group of few or even one!—the creep factor multiplies further.
- Counts by a person who asks each person their name or library-card barcode number? This one’s easy: many electronic-materials vendors in both public and academic libraries either collect this information directly or make the library collect it (e.g. by proxy server). For library-computer and network use, device identifiers (like mobile phone MAC addresses or IDFAs/ADIDs) come into play. And again, learning-analytics research has extended this identify-the-patron paradigm into information-literacy instruction, computer and network use, interlibrary loan, and other areas where it absolutely doesn’t belong. Creepy as all get-out.
- Combining either of the last two with recording the library material that the patron is reading, watching, or listening to? Learning-analytics research, again. Have I gotten across how creepy that stuff is yet? Have I? I mean, go read it if you don’t believe me.
- Combining demographic information, name or other identifier, and materials choice? Even learning-analytics researchers typically fuzz the materials choice. Not always, though, and some of them seem to wish they didn’t have to.
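
The "unadorned usage counts" item in the list above (no IP addresses, no login information, time fuzzed to the hour), sketched as an added example that is not part of the original post. The log layout, sample records and function names are constructed for illustration, and the `min_count` threshold for dropping very small cells is an added assumption that goes one step beyond the text.

```python
from collections import Counter
from datetime import datetime

# Constructed sample records: timestamp, client IP, login, resource.
# This field layout is an assumption for the example, not a vendor format.
SAMPLE_LOG = """\
2024-03-04T09:12:44 203.0.113.7 jdoe ebook-platform
2024-03-04T09:47:03 203.0.113.9 asmith ebook-platform
2024-03-04T09:58:10 198.51.100.4 jdoe ebook-platform
2024-03-04T10:03:51 203.0.113.7 jdoe journal-db
2024-03-04T10:15:00 198.51.100.23 mlee ebook-platform
malformed line without enough fields
"""

def unadorned_counts(log_text, min_count=1):
    """Reduce raw records to {(resource, hour): count}.

    IP address and login are read only to be thrown away, and the
    timestamp is truncated to the hour. Cells below min_count are dropped
    (added assumption: tiny cells are easier to tie back to one person).
    """
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of keeping raw text
        stamp, _ip, _login, resource = parts
        try:
            hour = datetime.fromisoformat(stamp).strftime("%Y-%m-%dT%H:00")
        except ValueError:
            continue  # unparseable timestamp: discard the record
        counts[(resource, hour)] += 1
    return {k: v for k, v in sorted(counts.items()) if v >= min_count}

def leaked_identifiers(counts, log_text):
    """Return any IP or login from the raw log that survives in the output."""
    raw = {tok for line in log_text.splitlines() if len(line.split()) == 4
           for tok in line.split()[1:3]}
    flat = repr(counts)
    return sorted(tok for tok in raw if tok in flat)

if __name__ == "__main__":
    summary = unadorned_counts(SAMPLE_LOG)
    print(summary)
    print("leaked:", leaked_identifiers(summary, SAMPLE_LOG))
```

The raw records still have to be deleted once the counts are written; aggregating while keeping the source log changes nothing.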
See how this works, kinda? I hope so. Another way to work it is starting from a digital-surveillance situation and working out its physical analogue. My favorite example, which I’ve used in my classroom, is the Adobe Digital Editions fiasco from 2014. To get this level of information about use of a checked-out print book, you’d have to follow the patron home and watch them as they read it! Not even slightly okay! So why is it okay when it’s an ebook?
I’m not pretending this or any analogy can be a silver bullet. I do think this could be a valuable rhetorical technique to sway folks on the fence about the latest library-privacy invasion, or to face down the Library Value Agenda at conferences or library-internally. In that latter case, I suggest combining it with a “you-first” strategy, to bring in the problems of power differentials and nonexistent or forced consent: “How about we pilot this by tracking library staff in this fashion? No? Why is it okay to do this to students, then?”
Good luck. I’d be interested to know about folks trying this, and how it turns out for them.