Trust, vulnerability, and fabulation

dorothea

Shortly before the data dump came back to me, I realized with one of those disquieting internal jolts that there might be a book in it that—oh, to hell with talking around it. The book is Abigail Trafford’s Crazy Time (my apologies for the ableist title) and it’s about the emotional process of divorce, and I read it a good long time ago when I was very much still married. If you follow me on Twitter, you might have noticed me headslapping about the possibility of it turning up.

(Ah, I see it’s been largely weeded. Likely just as well. Having finally gotten through the divorce I was pondering then, Trafford’s book is quite a bit too universalizing in its approach—which isn’t to say it’s completely wrong, just needs a sprinkling of salt.)

As it happens, the book isn’t in those records. I assume I skim-read it in the library rather than checking it out, which was certainly prudent of me in hindsight. Not that the records are free of materials that don’t paint me in a flattering light (Michael Moorcock? For pity’s sake, why did I ever…), but that was a time of such intense personal unhappiness and vulnerability that I went back and forth about whether I could nerve myself to write in public about it.

But one thing library privacy ethics do, when those ethics are observed properly, is let patrons be that vulnerable, explore their vulnerable spaces safely and without external judgment, and that’s immensely valuable and also immensely hard to illustrate without a story something like this, so. There’s mine. I mean, I have another sort-of one too—reading books from that very same library about what was then called “voluntary childlessness” back when I was a Ph.D student—but that story totally turned out happily-ever-after, so never mind. (This was so far back—1996 or so—that these books don’t turn up in the records dump.)

Now consider this tweet from an OSINT company, which I reproduce below in case of sudden Twitter deletions (which I’m not woofing about, I delete mine every six months or so):

Tweet from "ShadowDragonIO" saying in part "There’s no better way to know what's on a bad guy's mind than knowing books they have on their bedside table. That’s why our #OSINT platform reads posts from discussion forums like Goodreads."

Goodreads, if you haven’t run into it, is a service that helps people keep and share a (wholly voluntary) record of what they read. ShadowDragonIO is openly advertising using such a record to guess what Goodreads users who are “bad guys” are thinking—in other words, to profile them. How is a “bad guy” defined? Who even knows. I just know that I don’t want this happening even to bad people (not forgetting of course that quite a few people consider me a bad person). Never mind that services like this have a remarkable way of not just getting used against “bad guys.” Funny how that works.

Of course, it could have been true that I checked out Crazy Time for a completely different reason. Class assignment (an easy excuse in an academic library). Somebody else in my life getting a divorce (which, now that I think about it, might have been happening). Lots of stories could be made up—that’s the “fabulation” I mentioned in my last post. Point is, those situations carry some vulnerability too, and as I keep saying, library patrons aren’t supposed to have to worry about being snooped on in vulnerable moments. It’s wrong. There is absolutely nothing right about it.

Take a moment, if you would. How much do you trust ShadowDragonIO right now? Are they creeping you out a bit? How about Goodreads, or at least using Goodreads publicly? Let’s go a step further: what if Goodreads autosaved and posted everything you read without you being able to interrupt that for any more private readings, what then? What if Goodreads didn’t autopost your readings publicly, but used them and allowed others to use them to profile you? (For what reason? For any reason, does it really matter? Especially when you’re reading something that touches a vulnerable place?)

Oh, but libraries wouldn’t do something wrong with… LIBRARIES DAMNED WELL ARE, THOUGH. Whatever you’re thinking would be beyond the pale—collective patron profiling, individual patron profiling, data sharing beyond the library, using the data for marketing and microtargeting, using the data against a patron somehow—some damn library in this damn country is either doing it, hoping to do it, allowing it without protest, or being urged to do it. That’s what those CRM systems do. That’s what web bugs and Google Analytics on library websites and inside OPACs do. Best guess so far is that that’s what at least some of the sleazeball library vendors who work with ICE do. That’s what library learning analytics does, if the University of Minnesota is any indication. That’s what SNSI’s pet CISO Corey Roach is talking about when he says he wants libraries and vendors to detect “fraudulent downloading” via behavioral analysis of patron reading histories to detect outlier subjects.

Imagine if SNSI’s pet CISO Corey Roach’s sleazeball little algorithms figured out that me checking out Crazy Time was outside my usual reading habits (which it was). Imagine some vendor or some vendor’s lawyer knocking on my door to ask me about fraud. Just imagine. I would certainly never trust that vendor or that library or any librarian in it ever, ever again.

It is wrong. Nothing will make it right. And it is a cogent, serious reason not to keep circ records for one instant longer than absolutely necessary.