We talked in class a few weeks ago about what libraries owe to children when it comes to pornography on library computers. The crux of that issue is how libraries balance their foundational beliefs in the right to information and privacy for everyone with their roles and responsibilities as community spaces that welcome children and (ideally) foster in them a love of books and reading. An issue packed with a similar tension and that I think is just as important, though less controversial than the pornography situation, is the issue of collecting the information of children online.
This issue prompts the question: how do libraries balance the right of children to access library materials (and their own desire to get them to access library materials!) with their duty to ensure that information about children remains private – or at least is only disclosed with parental consent?
Danah Boyd posted recently on her blog about discovering the unsettling policy of the Boston Public Library that does not allow children under age 13 to sign up for library cards online. Children under 13 can still get a library card in person with parental consent, but are not allowed to do so online under any circumstance. In the post Boyd is very compelling and speaks to the deeply held belief of librarians (at least, this future librarian) that our profession be “committed to making sure that children have access to information, even information that might upset their parents.”
When I first read the post it really fired me up. I was livid that one of the biggest libraries in the country wasn’t letting kids get library cards online. How archaic of them! How censorial! As I continued to think about it, however, and to read the comments made by some librarians on the various sites this piece was posted on, I realized it wasn’t quite so black and white.
The crux of Boyd’s argument is that the library is limiting children’s access to library materials by limiting their ability to sign up for library cards online. And that the reason the library doesn’t allow children to sign up online is because of their conservative (as in, overly safe, not conservative politically) decision to comply with COPPA, the Children’s Online Privacy Protection Act, when really they don’t have to comply with this law because they are a non-profit entity.
The problem, as I see it, with this argument is what she perceives to be the library’s motivation in deciding to comply with COPPA even though they don’t have to. Is it really overly safe on the part of the library to do so?
Although it is technically the case that libraries, as non-profits, are not required to comply with the law (see Section 1302, Part 2b), that line gets a bit fuzzier when you consider the fact that most libraries these days use 3rd party, for-profit vendors to provide the infrastructure for their Online Public Access Catalogs (OPACs) and websites.
They use the programs and databases of these for-profit companies (instead of, say, a homemade OPAC and website) because for-profit companies make the coolest, most social, most “like Google” tools. And that is what people want. These are companies like BiblioCommons, the company used by BPL, NYPL, and SPL, to name a few, as well as EBSCO, Encore, WorldCat, etc.
It’s not that these are bad companies; they are probably good companies, as companies go. But they are still for-profit companies. Meaning that a) they are supposed to comply with COPPA, and b) perhaps more saliently, that they have privacy policies that give them the rights to the data people store with them (i.e. the data people give to their local library when they sign up for a library card).
- BiblioCommons will not sell, rent or trade your personal information (e.g., your email address or date of birth). But we may display Shared Content (defined below) in the BiblioCommons Service, or make other commercial uses of Shared Content.
- Information in your BiblioCommons account that personally identifies you is encrypted and stored in a secured facility.
With our history and fierce sense of responsibility for protecting the privacy of our users, how can we as librarians not be wary of this arrangement? Especially when it comes to the information gathered from children?
So then, the argument could go, why not just put a checkbox on the site saying that the under-13 child has parental consent? That’s basically the model that lots of other sites follow by requiring users to check a box saying they are 13, right?
On the first day of this class, I think we all agreed (if I’m not remembering correctly, feel free to correct me in the comments) that security theater that deceives was wrong. Or, in the words of Bruce Schneier, “too much security theater and our feeling of security becomes greater than the reality, which is…bad.” In my view, that’s exactly what a policy that requires a user to just check an online box that says either a) that they are over 13 or b) that they have parental consent, does.
Therefore, while I agree with some of the more impassioned points that Boyd makes in her post about the obligation of the library to give children unfettered access to library materials, especially in those situations in which parents are restricting their children’s access to certain types of information, ultimately I have to disagree with the argument in her post overall. It’s not because I don’t think that there are certain unfortunate cases when seeking parental consent could be harmful to a child, but rather because overall, I think that libraries have a responsibility to make sure parents know that giving data to them means giving data to a 3rd party vendor as well. Boyd’s blog post neglects to address this key reality that libraries are dealing with.
In a perfect world of perfectly protected online privacy, would libraries allow children to sign up for access to library materials online with or without parental consent? I have to think they would – at least some of them. Right now, however, we don’t live in a perfect world – far from it. Right now, we live in a world where companies, even well-meaning ones, get to shroud themselves in opaque, often meaningless “privacy” policies that generally don’t offer us any privacy at all, but rather assure us that any data we give them can and will be used by them however they see fit. So, let’s focus on changing this, instead of making libraries the bad guy.