>
> Perhaps I am out of the loop, but I have never heard of an outsider
> privacy breach of a library system. Hackers and criminals (if that's not
> a redundancy) have little to gain from the information in library
> systems. The library privacy concern mainly involves law enforcement,
> and began with actual cases in which the FBI used libraries to seek out
> "thought criminals."

From Library Journal's article on Library Elf (
http://www.libraryjournal.com/article/CA6344741.html )

"A final privacy risk is through RSS feeds. This was highlighted in 2005,
when Mary Minow of the Law Library blog discovered that Library ELF users
who had RSS feeds going to popular web aggregator Bloglines had
inadvertently made public their borrowing information, even for "private"
Blogline accounts."

LibraryElf is just the sort of useful (wonderful!) service that should be
decoupled as much as possible. Rather than LE getting users' actual PIN
numbers, storing them on a server somewhere and making programs that log in
"as" you to get your data, the ILS and LE should be able to do most things
by handshakes and such, and the external service should be able to access
only certain information.

The LJ article seems to imply that LE started out on a "shared" hosting
plan. Now, however, it is only "shared with one other developer, and Chow
has total control of the database server." Color me a bit worried.

Put another way, LibraryThing thought seriously about doing what LE does. We
decided against it because I don't want 100,000 user PINs on my servers,
just like we don't want credit card numbers on our servers. I don't want
your secrets, people! :)

Tim

Received on Mon Jan 28 2008 - 13:57:47 EST