March 18, 2018

ALA vs NSA: Reflecting on Libraries and Social Media | Backtalk

The personality, or personomy, or personhood/agency, of Edward Snowden is drawing lots of attention at the moment. He has been attacked and praised. As I have written elsewhere, some of those attacks walk parallel lines to a lie, but here I’d like to consider something that happened way back in the last decade. Forget Snowden for a minute.

Remember with me a time when librarians were freshly militant and radical. Remember January 2002, when, just a few months after the attacks we suffered, the ALA proposed this response to the USA PATRIOT Act. A year later, the proposed resolution would be adopted by the ALA Council, and library staff have been since emboldened to to take such “radical” steps as to fail to keep patron book checkout records.

The patron’s data is her own. It does not belong to the Library of Hattiesburg, Petal, and Forrest County.  It does not belong to the city of Arlington, Texas. It does not belong to the police chief, the sheriff, the mayor, or the CIO of the university. It belongs to the patron. (If you don’t accept this last bit as true, by the way, you might as well stop reading.)

Now, as Josh Greenbaum has pointed out, it’s kind of lopsided that we’re all so wild-eyed about the NSA’s doings when we know and accept that Google and Facebook and the rest have bigger and more personal troves of our data (and our metadata). But there’s a tonal difference. Despite big data sharing by Google, etc., with .gov interests, we individually must accept responsibility for the data we share online with private services we sign in to. You know that the picture of you knocking back an ouzo on your cousin’s porch is on Facebook servers. You don’t have any illusions that once you tweet that tweet, it’s public forever. That’s okay, because you share it on purpose, with full knowledge that it ain’t really private. Pictures on a postcard. It’s your choice to engage with that.

And if your local library were to require you to accept terms that state “your checkout records, browsing data on public computers, and conversations with staff may be recorded and shared with federal and state authorities… sign here to accept these conditions”, then that is something you also do willingly and on purpose, or not at all. Imagine the ensuing kerfuffle.

Listen to the tone change with the NSA’s vacuuming of our metadata, though.

The NSA (despite perforations in the gaskets which allow Google and the rest to share freely with them) belongs to us. If any part of Google belongs to you, it’s because you own enough shares to get a say in its operations. But the NSA is mine and it is yours and it is ours. And we did not click “I Understand and Agree to the Terms” before it started gathering our data. Your metadata, ladies and gentlemen? Is still your metadata. Do you remember the moment when you gave the government permission to metabolize it?

Because private companies can, with our permission and complicity, house our old data, they get a pass. We may (or must) excuse Google for not following the lead of librarians and simply not housing old data. After all, that’s part of Google’s business model. It turns our junk (time stamps, verb frequencies, +1’s, clicked links) into advertising gold. And we agree to that. And we have the option to stop participating in that.

But public libraries belong to us, the people. And so we don’t put up with requests from the government for the people’s data. Not even after 9/11.

Let’s not forget who this government belongs to.

Edward Snowden remembered, like the militant librarians defending privacy and the 4th Amendment that came before him, that the government is for the people. But PRISM represents the kind of program that reminds us: government is not by the people any longer. Can you imagine telling citizens of your city that the data generated by their use of the public library is not “for them,” and, further, that they can’t challenge the policy because policies aren’t set “by” them? Yet this is the situation we find ourselves in with a number of executive branch federal agencies. What are we going to do about that?

I reckon we could start by finding something to praise in Edward Snowden’s decision. Yes, you can call him an oath breaker. You can say that he lied, and that he broke the law. You could even attack him for a lack of formal education, if you’re really gutless. But he, like us librarians, took a stand for patron privacy—for citizen privacy. Snowden’s action give us a moment to ask some overdue questions.

If a citizen’s data really is hers, shouldn’t she get to say who sees it? And for that matter, if these public laws really do belong to the public, shouldn’t we (the public) have access to them?

No matter how “radical” a librarian you may or may not have become over the last 12 years, you know the answer by now.



  1. Eric Hossner says:

    A few weeks ago, I attempted to use my county library’s online book reservation system to reserve the latest Percy Jackson book for my daughter, and was more than a little horrified to see this:

    “The feature you have selected is associated with personal data in your patron account. Such data may be accessed by law enforcement personnel without your consent. Do you wish to continue?”

    How common is this?

  2. Thanks for this, Eric! Here’s a good (but dated 2009) article about what’s going on: . Many (most, we hope) libraries continue NOT to archive checkout records, but the ‘save title lists’, where you can generate a ‘to read’ list, can be shared with Feds, because the data in is on ‘the cloud’ of the library software provider, which is a separate (usually for-profit, private) organization. As near as I can tell, that exact verbiage you quote comes from Polaris (, but maybe others are using the same or similar language?