Monday, October 27, 2014

"Website Security FAQ", by Richard Thornchick (SJSU student & Project Manager, VMware), Tonia San Nicolas-Rocca (SJSU professor) and Athena Hoeppner (Univ. of Central Florida Libraries)

Questions posed: Library patron privacy is important, but is privacy keeping pace with technology adoption?  How can we protect patron privacy in a 2.0 world, from both cyber criminals and government intrusion?  Privacy is not dead but online info is harder to keep private, and libraries are becoming more high tech.

Most Web site URLs start with one of two schemes:
http – transfers pages over the Internet in clear text, so anyone on the network path (including others on the same wireless network) can read, and even alter, what is sent.
https – the same HTTP traffic wrapped in TLS (the successor to SSL). It encrypts everything exchanged with the site, and the site's certificate lets the browser check that it is really talking to that site and not an impostor.

Libraries handle personally identifiable information, financial information, and records of what patrons search for and borrow.  Any page on which a patron enters a user name and password should have a URL that starts with https, and the form on that page must submit to an https address as well; a secure-looking page that posts the password over http gives no protection.

Social networks – until recently, only some pages of a session were encrypted (using https) while the rest were sent over plain http.  The session cookie that proves a user is logged in was therefore sent in clear text on the http pages, where anyone on the same network could capture it and replay it to take over the account (sidejacking).  Social networks have since changed so that the entire session uses https pages.

There are other risks involved when using public Wi-Fi networks (they didn't go into specifics).

Best practice, for libraries as for anyone else, is to serve every page where patrons log in, and every page of the logged-in session that follows, over https.  Any gap where a page falls back to http exposes the session and puts patron privacy at risk.

The presenters mentioned two ways of testing websites to see whether they are secure:
Qualys SSL Labs: SSL Server Test (free, and updated periodically as new threats appear).  It grades a server's TLS configuration and certificate.
www.HTTPSNow.org, which provides a security checklist
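SSL Labs grades the TLS configuration of a single server, but it does not tell you whether a login page is served over http, whether its form posts the password to an http address, or whether the session cookie can leak onto http pages (the sidejacking gap described above).  The following script is an added example, written for these notes rather than taken from the presentation; the function names are hypothetical, and the three sample responses are constructed to look like a library OPAC rather than copied from any real site.  It takes a page URL, its HTML and its Set-Cookie headers, which you would obtain by fetching the page with curl or a browser's developer tools, and reports the gaps that the checklist is concerned with.

```python
# Added example (not from the presentation): an offline audit of one fetched
# login page for the "https gaps" discussed above.  Names are hypothetical.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _FormScanner(HTMLParser):
    """Collect each <form>'s action and whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []      # dicts of {"action": str, "has_password": bool}
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_login_page(page_url, html, set_cookie_headers=()):
    """Return a list of findings for one page, given the URL it was actually
    served from (after redirects), its body, and its raw Set-Cookie headers."""
    findings = []
    scanner = _FormScanner()
    scanner.feed(html)
    page_scheme = urlparse(page_url).scheme.lower()

    for form in scanner.forms:
        if not form["has_password"]:
            continue        # a catalogue search box over http is not a login gap
        # The page that displays the form must itself be https: a clear-text
        # page can be rewritten in transit to send the password anywhere.
        if page_scheme != "https":
            findings.append(f"login form displayed over {page_scheme}: {page_url}")
        # Resolve a relative action against the page URL before judging it.
        target = urljoin(page_url, form["action"])
        target_scheme = urlparse(target).scheme.lower()
        if target_scheme != "https":
            findings.append(f"password posted over {target_scheme or 'unknown'}: {target}")

    # A session cookie without the Secure attribute is sent on any later http
    # page of the same site, which is exactly what sidejacking captures.
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].split("=", 1)[0]
        flags = {p.lower() for p in parts[1:]}
        if "secure" not in flags:
            findings.append(f"cookie '{name}' lacks Secure flag")
        if "httponly" not in flags:
            findings.append(f"cookie '{name}' lacks HttpOnly flag")
    return findings


# Constructed sample responses (page URL, body, Set-Cookie headers); not real sites.
OPAC_HTTP_PAGE = (
    "http://catalog.example.org/patroninfo",
    '<html><body><form action="/patroninfo" method="post">'
    '<input name="code"><input type="password" name="pin">'
    '<input type="submit"></form></body></html>',
    ["SESSION=abc123; Path=/"],
)
MIXED_HTTPS_PAGE = (
    "https://catalog.example.org/login",
    '<form action="http://catalog.example.org/auth" method="post">'
    '<input type="password" name="pin"></form>',
    ["SESSION=abc123; Path=/; Secure; HttpOnly"],
)
CLEAN_PAGE = (
    "https://catalog.example.org/login",
    '<form action="/auth" method="post"><input type="password" name="pin"></form>'
    '<form action="http://search.example.org/"><input name="q"></form>',
    ["SESSION=abc123; Path=/; Secure; HttpOnly"],
)

if __name__ == "__main__":
    for sample in (OPAC_HTTP_PAGE, MIXED_HTTPS_PAGE, CLEAN_PAGE):
        print(sample[0])
        for finding in audit_login_page(*sample) or ["no findings"]:
            print("  -", finding)
```

The first sample is the uneven OPAC case: the login page itself is http, so both the page and the posted password are exposed, and the session cookie carries neither Secure nor HttpOnly.  The second is the subtler mixed case, an https page whose form posts to http, which a padlock icon on the page would hide.  The third passes: a plain search form over http is not flagged because it carries no password.  To audit a live catalogue, fetch each page with curl -i and pass the final URL, body and Set-Cookie lines into the function; for the TLS configuration itself, still run the SSL Labs test.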

Thornchick's test of his own library's OPAC revealed uneven security: some pages were served over https and others were not.

Implications for RCLS: Currently, the ROC is http rather than https. Hopefully this will change when the library catalog is upgraded this fiscal year. As a class exercise, we each tested the security of our own library websites.  www.cityofrc.us did not receive a good grade.  The presenter encouraged us to work with our IS department on security improvements.
