Library insiders

Shortly after Doug Way joined the General Library System as Associate University Librarian for Collections, he invited me to a meet-and-greet over coffee in the student union. I’d been teaching full-time for the iSchool for a couple-three years by then, after four years in the UW Digital Collections Center.

First thing Doug said to me once we sat down was “So… I’ve heard a lot of stories about you!” with one of those all-over stares that communicated without words “… and not a single one of them was complimentary.”

I grinned my widest, toothiest grin and threw my hands up. “They’re all true!” I averred. “Every last one!”

Who knows whether they actually were true. They might have been, more or less. Saying that I didn’t cover myself with glory while working for UWDCC is the wildest of understatements. Indeed, Doug might have been trying to tell me “hey, your former colleagues are trash-talking you behind your back.” I hope my carelessly amused response communicated back my truth, “I know, it’s nothing new; but I earned some of it, there’s nothing I can do about that now, and the trash talk most likely won’t appreciably hurt me, so let’s just laugh about it and let it go.”

(I don’t think I’m doing Doug any harm by telling this story, by the way—he’s University Librarian-ing at Kentucky now. If he were still in GLS I’d have gone on keeping my mouth shut about it. Doug’s one of the good ones and Kentucky’s lucky to have him.)

Where this connects to the data dump I released is—I have pretty cogent reasons not to trust a number of my former colleagues, including some who have access to those circulation records. I’m not even a little bit sure which ones I can trust and which I can’t. I don’t actually trust that no one over there has nosed about in my reading history, out of mere malicious curiosity or even actively looking for something to damage me with. I also don’t trust that no one over there ever would. Some folks, in GLS and outside it, sure did nose about in my social media over the years looking for something to get me in trouble over. A couple-three of them succeeded—and again, I don’t know who exactly; I just know in excruciating detail about getting called on the carpet.

Returning to the circ records, though: infosec practitioners call this class of security/privacy threat “insider threat.” It’s what happens when someone inside the organization trusted with access to the class of data in question uses that access inappropriately, especially to harm people.

A bedrock axiom behind library privacy ethics is that no patron should have to worry about insider threat. I shouldn’t have to worry that my former colleagues will use my reading history to scrag me—and if that seems a minor concern (it isn’t to me; I’ve withstood a number of attacks on myself and my career), consider some far less minor ones:

  • Happy Pride Month! Queer patrons, out or not, should not have to be concerned about snoopy homophobes or biphobes or transmisics or acephobes (or or or…) on the library staff messing around in their reading records.
  • Black lives matter! BIPOC patrons should not have to be concerned about snoopy library staff. Moreover, no one of any identity reading about the sociology of race (context, in case this post persists beyond this particular ignorant scandal) should have to worry about snoopy library staff, academic administrators, or even Regents.
  • No patron checking out Talmudic commentary or tafsirs should have to be concerned about antisemitic or Islamophobic library staff.
  • People read Nineteen Eighty-Four and forget about Tom Parsons. I can’t understand that! Tom Parsons, Winston Smith’s nosy neighbor, is instrumental in getting Winston scragged. Tom Parsons has no business working in libraries because he can’t keep his damned mouth shut about his neighbors or even his family.

A lot of people don’t respect consequentialist ethics, and I sure do agree that there are problems with it, but I also need folks to remember that library privacy ethics exist to prevent known real-world harms. Insider threat is a big one!

As I suggested above, it’s also about trust, general and specific. I have specific reasons not to trust my former colleagues that won’t pertain to everyone. However, this public-records request gave me pretty cogent reasons not to trust library policymakers and library processes—reasons that actually are pretty broadly applicable. That’s a problem for the GLS as well as for me, and if this really blows up (and I’ve been quietly talking with folks who are side-eyeing their own libraries), it could become a problem for larger swathes of librarianship.

And that’s before we talk about learning analytics, CRMs, Google Analytics, SeamlessAccess, and other privacy-destructive library practices.

If you’re a librarian concerned about this at your library, I suggest gathering the information you can gather and starting on whatever red-tape processes will lead to the situation improving. Bit of self-promotion: I’ve put together a fairly low-cost self-paced tutorial on privacy in libraries aimed at public, academic, and K-12 librarians.

It includes an exercise where you look at my data dump and use it to make up a story about how I’m the Worst Person Ever. What’s the point of that? To understand that library privacy ethics exist in part to cut off exactly this kind of fabulation (because that is what it is!) at the pass.