Re: pandora [privacy]

From: Kyle Banerjee <kyle.banerjee_at_nyob>
Date: Mon, 28 Jan 2008 08:32:29 -0800
To: NGC4LIB_at_listserv.nd.edu

> ... Library patrons should
> have the option—even the default—of keeping their data, and getting benefit
> from it.
>
> In such a context, however, and without being alarmist, I think special care
> needs to be made to design systems that provide the benefits of data sharing
> without incurring too many of the risks.
>
> ... but one of the most important tools is *separation*....

In fact, separation and other simple but effective tools are already
used in the library world -- they just aren't widespread enough.
Consider anonymous tokens required by vendors such as Books24x7 to
provide proxy access. If you are unfamiliar with anonymous tokens,
these are keys that are unique to each patron which are generated when
users log into the proxy server. In the case of Books24x7, the key
(a.k.a. "anonymous token") is passed along with the HTTP request.
Books24x7 needs to be able to uniquely identify patrons because:

1) They want to provide user-configured bookshelves and other
individualized services
2) They need to detect abuse of their services and take action --
preferably without punishing all users from the offender's library

Being able to identify individual users is very different than caring
who they actually are or spying on them. Aside from needing
information to provide customized services, we must provide financial
accountability for transaction-based services and take reasonable
measures to prevent our systems from being used to attack/harass
others or to support other illegal activity.

One thing that holds us back is that whenever there is need for any
kind of metadata in the library world, our conceptual models tend to
be built around global identifiers and authoritative "records"
containing far more information than is needed for the task at hand. I
think both the service and the privacy we could offer would improve if
we could get past this model.

kyle
Received on Mon Jan 28 2008 - 11:33:55 EST
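
One way a proxy could produce the per-patron anonymous tokens described in the message above, as an added example that is not part of the original post and is not Books24x7's or any proxy product's actual scheme. It assumes the token is an HMAC of the patron ID under a secret kept per vendor on the library side; the vendor names, the `X-Anonymous-Token` header and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one secret per vendor, held only by the library's proxy.
# Separate keys mean two vendors cannot correlate the same patron (separation).
VENDOR_KEYS = {
    "vendor-a.example": secrets.token_bytes(32),
    "vendor-b.example": secrets.token_bytes(32),
}


def anonymous_token(patron_id: str, vendor: str, keys=VENDOR_KEYS) -> str:
    """Stable pseudonym for (patron, vendor); not reversible without the key."""
    key = keys[vendor]  # unknown vendor raises KeyError: fail closed
    return hmac.new(key, patron_id.encode("utf-8"), hashlib.sha256).hexdigest()


def proxied_request_headers(patron_id: str, vendor: str) -> dict:
    """Headers the proxy forwards: the token only, never the patron's identity."""
    # Header name is an assumption; the message only says the token
    # "is passed along with the HTTP request".
    return {"Host": vendor, "X-Anonymous-Token": anonymous_token(patron_id, vendor)}


def resolve_abuse_report(token: str, vendor: str, patron_ids, keys=VENDOR_KEYS):
    """Library-side only: map a token reported by a vendor back to one patron."""
    for pid in patron_ids:
        if hmac.compare_digest(anonymous_token(pid, vendor, keys), token):
            return pid
    return None  # token was not issued for any of these patrons


if __name__ == "__main__":
    patrons = ["patron-0001", "patron-0002"]  # constructed IDs
    hdrs = proxied_request_headers("patron-0001", "vendor-a.example")
    print(hdrs)
    print(resolve_abuse_report(hdrs["X-Anonymous-Token"], "vendor-a.example", patrons))
```

The vendor sees the same token on every visit, which is enough for bookshelves and per-user abuse handling, while only the library can tie it back to a person.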